34 matches found
CVE-2024-33568
CVE-2024-33568 affects the WordPress plugin BdThemes Element Pack Pro. According to the CVE and corroborating sources, it enables Path Traversal and deserialization of untrusted data, allowing an attacker with at least Contributor+ privileges to perform an arbitrary file read and PHAR deserializa...
CVE-2024-3926
CVE-2024-3926 affects Element Pack Elementor Addons for WordPress (bdthemes-element-pack-lite). Vulnerability: Stored XSS via custom_attributes in widgets, exploitable by authenticated users with Contributor+ on versions
CVE-2024-1429
The CVE-2024-1429 entry concerns Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) for WordPress. It describes a Stored Cross-Site Scripting flaw in the Panel Slider widget, exploitable via the tab_link attribute, across all versions up to and...
CVE-2024-11852
CVE-2024-11852 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress. The root cause is a missing capability check in the get_layouts() function, present in all versions up to and including 5.10.12. This allows a...
CVE-2024-4359
CVE-2024-4359 (Element Pack for WordPress) : The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin is exploitable via arbitrary file read in all versions up to 5.7.2, using the SVG widget and insufficient file validation in render_svg. ...
CVE-2024-1426
CVE-2024-1426 affects the Element Pack Elementor Addons for WordPress (bdthemes-element-pack-lite) up to version 5.6.0. It describes a Stored Cross-Site Scripting vulnerability via the Price List widget’s link attribute caused by insufficient input sanitization and output escaping. Exploitation r...
CVE-2024-30496
CVE-2024-30496 affects BdThemes Element Pack Elementor Addons (Header/Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) up to version 5.5.3. The entry describes an SQL Injection caused by improper neutralization of elements in SQL commands. The vulnerability is classified as netwo...
CVE-2024-0837
Technical details beyond the initial description are not provided in the attached documents. Monitor for updates to confirm affected versions, impact, and fixes.
CVE-2024-32572
The CVE-2024-32572 entry concerns BdThemes Element Pack Elementor Addons (versions up to 5.6.0) with a Cross-Site Scripting (Stored XSS) vulnerability caused by improper input neutralization during web page generation. Affected component is the WordPress plugin Element Pack Elementor Addons; impa...
CVE-2024-2455
The CVE-2024-2455 entry concerns the Element Pack Pro Addon for Elementor Page Builder (WordPress). It is a Stored Cross-Site Scripting vulnerability in the widget wrapper link URL, present in all versions up to 7.9.0. Exploitation requires authenticated access at contributor level or higher, ena...
CVE-2024-24840
CVE-2024-24840 : BdThemes Element Pack Elementor Addons (WordPress plugin)
CVE-2024-4360
CVE-2024-4360 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) for WordPress. Root cause: insufficient input sanitization and output escaping on user-supplied attributes like title_tag, enabling Stored XSS via widgets. Affected versio...
CVE-2024-3927
CVE-2024-3927 affects the WordPress plugin “Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)”. The vulnerability is a form submission admin email bypass where unauthenticated attackers can bypass admin-email restrictions by submitting a conta...
CVE-2025-1458
CVE-2025-1458 affects the WordPress plugin Element Pack Addons for Elementor (Lite/Pro) up to version 5.10.29. The issue is a stored cross-site scripting (XSS) caused by insufficient input sanitization and output escaping in multiple widgets (e.g., Dual Button, Creative Button, Image Stack). Expl...
CVE-2024-10493
The CVE-2024-10493 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress prior to 5.10.3. It stems from insufficient validation/escaping of certain block options, allowing Stored XSS by users with contributor+ permissions w...
CVE-2024-10980
The CVE-2024-10980 entry concerns the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3. The issue is a Stored XSS vulnerability in the Cookie Consent block options that are output back into pages/posts when th...
CVE-2024-2966
CVE-2024-2966 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin. The issue is Sensitive Information Exposure via the element_pack_ajax_search function in all versions up to 5.5.6, allowing unauthenticated attackers...
CVE-2024-3925
CVE-2024-3925 – Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerable until 5.6.7 per CVE record; stored XSS via Creative Button widget occurs with authenticated attackers at contributor level or higher. Connected sources confirm the is...
CVE-2024-1428
CVE-2024-1428 : The Element Pack Elementor Addons' Trailer Box widget (element_pack_wrapper_link) is vulnerable to Stored XSS in all versions up to and including 5.5.3 due to insufficient input sanitization and output escaping. Exploitation requires contributor-level or higher authentication and ...
CVE-2024-30185
CVE-2024-30185 is a Cross‑site Scripting (Stored XSS) vulnerability in BdThemes Element Pack Elementor Addons. Public details from the CVE entry indicate the issue affects Element Pack Elementor Addons up to version 5.5.3 (no n/a/vendorer product details beyond this provided). The Red Hat/Wordfen...
CVE-2024-39667
CVE-2024-39667 describes a stored cross-site scripting (XSS) vulnerability in the BdThemes Element Pack Elementor Addons WordPress plugin, affecting versions through 5.6.11. The root cause is improper neutralization of input during web page generation. Exploitation could result in stored XSS with...
CVE-2024-7247
The CVE-2024-7247 issue affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin. It allows Stored Cross‑Site Scripting via the plugin’s Custom Gallery and Countdown widgets in all versions up to 5.7.2 due to insufficient...
CVE-2024-9058
CVE-2024-9058 is a stored XSS in the Lightbox widget of the WordPress plugin “Element Pack Elementor Addons” (bdthemes-element-pack-lite/Element Pack Addons for Elementor). The issue exists in all versions up to and including 5.10.5 and is exploitable by authenticated users with Contributor-level...
CVE-2024-10310
CVE-2024-10310 affects the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting (XSS) vulnerability in the Custom Gallery Widget, specifically via the image_title parameter. The issue exists...
CVE-2024-12851
CVE-2024-12851 affects the Element Pack Elementor Addons Lite (Header Footer, Template Library, Dynamic Grid, Carousel, Remote Arrows) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget, present in all versions up to ...
CVE-2024-9657
CVE-2024-9657 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress. The issue is Stored Cross-Site Scripting via the tooltip parameter in all versions up to 5.10.2 due to insufficient input sanitization and output esca...
CVE-2024-9867
CVE-2024-9867 affects the Element Pack Elementor Addons for WordPress (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting vulnerability via the Open Map Widget’s marker_content parameter in all versions up to 5.10.2, caused by insufficien...
CVE-2024-47392
The CVE-2024-47392 entry documents a Stored Cross-Site Scripting vulnerability in BdThemes Element Pack Elementor Addons (up to version 5.7.5). The root cause is improper neutralization of input during web page generation, enabling XSS via the affected addon. The issue affects Elementor Addons in...
CVE-2024-9868
CVE-2024-9868 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) . All versions up to and including 5.10.1 are susceptible to a Stored Cross-Site Scripting (XSS) via the Age Gate Widget’s url parameter, caused by in...
CVE-2024-5555
CVE-2024-5555 affects the Element Pack Elementor Addons (bdthemes-element-pack-lite) up to version 5.6.5, due to Stored XSS in the social-link-title parameter. The issue requires Contributor+ privileges and can cause arbitrary scripts to run when affected pages are viewed. Connected sources confi...
CVE-2025-5944
CVE-2025-5944 affects the Element Pack Addons for Elementor WordPress plugin (versions up to 8.0.0). The vulnerability is a Stored/DOM-Based Cross-Site Scripting via the data-caption attribute, exploitable by authenticated users with Contributor-level access or higher. The root cause is insuffici...
CVE-2024-5554
CVE-2024-5554 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting via the onclick_event parameter in all versions up to and including 5.6.11, caused by insufficient...
CVE-2025-8100
The CVE covers WordPress Element Pack Elementor Addons and Templates plugin (Element Pack) with a Stored Cross-Site Scripting vulnerability via the marker_content parameter in the Open Street Map widget, affected up to version 8.1.5. Root cause: insufficient input sanitization and output escaping...
CVE-2024-4643
CVE-2024-4643 concerns the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting (XSS) via the end_redirect_link parameter in versions up to and including 5.7.1, caused by insu...