Lucene search
K
BdthemesElement Pack

34 matches found

CVE
CVE
added 2024/06/04 1:12 p.m.110 views

CVE-2024-33568

CVE-2024-33568 affects the WordPress plugin BdThemes Element Pack Pro. According to the CVE and corroborating sources, it enables Path Traversal and deserialization of untrusted data, allowing an attacker with at least Contributor+ privileges to perform an arbitrary file read and PHAR deserializa...

8.5CVSS5.2AI score0.00523EPSS
CVE
CVE
added 2024/05/22 2:32 p.m.79 views

CVE-2024-3926

CVE-2024-3926 affects Element Pack Elementor Addons for WordPress (bdthemes-element-pack-lite). Vulnerability: Stored XSS via custom_attributes in widgets, exploitable by authenticated users with Contributor+ on versions

6.4CVSS6AI score0.00324EPSS
CVE
CVE
added 2024/04/18 4:32 a.m.76 views

CVE-2024-1429

The CVE-2024-1429 entry concerns Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) for WordPress. It describes a Stored Cross-Site Scripting flaw in the Panel Slider widget, exploitable via the tab_link attribute, across all versions up to and...

6.4CVSS6.1AI score0.00323EPSS
CVE
CVE
added 2024/12/22 1:41 a.m.73 views

CVE-2024-11852

CVE-2024-11852 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress. The root cause is a missing capability check in the get_layouts() function, present in all versions up to and including 5.10.12. This allows a...

4.3CVSS4.4AI score0.00345EPSS
CVE
CVE
added 2024/08/09 4:29 a.m.73 views

CVE-2024-4359

CVE-2024-4359 (Element Pack for WordPress) : The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin is exploitable via arbitrary file read in all versions up to 5.7.2, using the SVG widget and insufficient file validation in render_svg. ...

6.5CVSS6.3AI score0.00507EPSS
CVE
CVE
added 2024/04/18 4:32 a.m.72 views

CVE-2024-1426

CVE-2024-1426 affects the Element Pack Elementor Addons for WordPress (bdthemes-element-pack-lite) up to version 5.6.0. It describes a Stored Cross-Site Scripting vulnerability via the Price List widget’s link attribute caused by insufficient input sanitization and output escaping. Exploitation r...

6.4CVSS5.7AI score0.00323EPSS
CVE
CVE
added 2024/03/29 1:57 p.m.71 views

CVE-2024-30496

CVE-2024-30496 affects BdThemes Element Pack Elementor Addons (Header/Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) up to version 5.5.3. The entry describes an SQL Injection caused by improper neutralization of elements in SQL commands. The vulnerability is classified as netwo...

8.8CVSS8.9AI score0.00577EPSS
CVE
CVE
added 2024/04/06 7:34 a.m.68 views

CVE-2024-0837

Technical details beyond the initial description are not provided in the attached documents. Monitor for updates to confirm affected versions, impact, and fixes.

6.4CVSS6.1AI score0.00344EPSS
CVE
CVE
added 2024/04/18 9:39 a.m.65 views

CVE-2024-32572

The CVE-2024-32572 entry concerns BdThemes Element Pack Elementor Addons (versions up to 5.6.0) with a Cross-Site Scripting (Stored XSS) vulnerability caused by improper input neutralization during web page generation. Affected component is the WordPress plugin Element Pack Elementor Addons; impa...

6.5CVSS5.2AI score0.00289EPSS
CVE
CVE
added 2024/08/01 12:43 p.m.64 views

CVE-2024-2455

The CVE-2024-2455 entry concerns the Element Pack Pro Addon for Elementor Page Builder (WordPress). It is a Stored Cross-Site Scripting vulnerability in the widget wrapper link URL, present in all versions up to 7.9.0. Exploitation requires authenticated access at contributor level or higher, ena...

6.4CVSS5.7AI score0.00304EPSS
CVE
CVE
added 2024/03/23 2:45 p.m.64 views

CVE-2024-24840

CVE-2024-24840 : BdThemes Element Pack Elementor Addons (WordPress plugin)

5.4CVSS8.6AI score0.00288EPSS
CVE
CVE
added 2024/08/09 4:29 a.m.64 views

CVE-2024-4360

CVE-2024-4360 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) for WordPress. Root cause: insufficient input sanitization and output escaping on user-supplied attributes like title_tag, enabling Stored XSS via widgets. Affected versio...

6.4CVSS6.1AI score0.00446EPSS
CVE
CVE
added 2024/05/22 6:50 a.m.63 views

CVE-2024-3927

CVE-2024-3927 affects the WordPress plugin “Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)”. The vulnerability is a form submission admin email bypass where unauthenticated attackers can bypass admin-email restrictions by submitting a conta...

5.3CVSS5.7AI score0.00425EPSS
CVE
CVE
added 2025/04/26 5:34 a.m.63 views

CVE-2025-1458

CVE-2025-1458 affects the WordPress plugin Element Pack Addons for Elementor (Lite/Pro) up to version 5.10.29. The issue is a stored cross-site scripting (XSS) caused by insufficient input sanitization and output escaping in multiple widgets (e.g., Dual Button, Creative Button, Image Stack). Expl...

6.4CVSS5.7AI score0.00179EPSS
CVE
CVE
added 2024/11/28 6:0 a.m.62 views

CVE-2024-10493

The CVE-2024-10493 affects Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress prior to 5.10.3. It stems from insufficient validation/escaping of certain block options, allowing Stored XSS by users with contributor+ permissions w...

5.4CVSS5.7AI score0.00349EPSS
CVE
CVE
added 2024/11/29 6:0 a.m.60 views

CVE-2024-10980

The CVE-2024-10980 entry concerns the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3. The issue is a Stored XSS vulnerability in the Cookie Consent block options that are output back into pages/posts when th...

5.4CVSS5.7AI score0.00349EPSS
CVE
CVE
added 2024/04/11 7:31 a.m.60 views

CVE-2024-2966

CVE-2024-2966 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin. The issue is Sensitive Information Exposure via the element_pack_ajax_search function in all versions up to 5.5.6, allowing unauthenticated attackers...

7.5CVSS5.3AI score0.00492EPSS
CVE
CVE
added 2024/06/12 7:32 a.m.60 views

CVE-2024-3925

CVE-2024-3925 – Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) Vulnerable until 5.6.7 per CVE record; stored XSS via Creative Button widget occurs with authenticated attackers at contributor level or higher. Connected sources confirm the is...

6.4CVSS6.1AI score0.00341EPSS
CVE
CVE
added 2024/04/06 7:34 a.m.59 views

CVE-2024-1428

CVE-2024-1428 : The Element Pack Elementor Addons' Trailer Box widget (element_pack_wrapper_link) is vulnerable to Stored XSS in all versions up to and including 5.5.3 due to insufficient input sanitization and output escaping. Exploitation requires contributor-level or higher authentication and ...

6.4CVSS6.1AI score0.00434EPSS
CVE
CVE
added 2024/03/27 11:50 a.m.59 views

CVE-2024-30185

CVE-2024-30185 is a Cross‑site Scripting (Stored XSS) vulnerability in BdThemes Element Pack Elementor Addons. Public details from the CVE entry indicate the issue affects Element Pack Elementor Addons up to version 5.5.3 (no n/a/vendorer product details beyond this provided). The Red Hat/Wordfen...

6.5CVSS8.6AI score0.00336EPSS
CVE
CVE
added 2024/08/01 9:33 p.m.56 views

CVE-2024-39667

CVE-2024-39667 describes a stored cross-site scripting (XSS) vulnerability in the BdThemes Element Pack Elementor Addons WordPress plugin, affecting versions through 5.6.11. The root cause is improper neutralization of input during web page generation. Exploitation could result in stored XSS with...

6.5CVSS6.5AI score0.00247EPSS
CVE
CVE
added 2024/08/13 5:30 a.m.54 views

CVE-2024-7247

The CVE-2024-7247 issue affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin. It allows Stored Cross‑Site Scripting via the plugin’s Custom Gallery and Countdown widgets in all versions up to 5.7.2 due to insufficient...

6.4CVSS5.8AI score0.00451EPSS
CVE
CVE
added 2024/12/03 6:50 a.m.52 views

CVE-2024-9058

CVE-2024-9058 is a stored XSS in the Lightbox widget of the WordPress plugin “Element Pack Elementor Addons” (bdthemes-element-pack-lite/Element Pack Addons for Elementor). The issue exists in all versions up to and including 5.10.5 and is exploitable by authenticated users with Contributor-level...

6.4CVSS5.8AI score0.00236EPSS
CVE
CVE
added 2024/11/02 2:3 a.m.51 views

CVE-2024-10310

CVE-2024-10310 affects the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting (XSS) vulnerability in the Custom Gallery Widget, specifically via the image_title parameter. The issue exists...

6.4CVSS5.5AI score0.00244EPSS
CVE
CVE
added 2025/01/08 6:41 a.m.49 views

CVE-2024-12851

CVE-2024-12851 affects the Element Pack Elementor Addons Lite (Header Footer, Template Library, Dynamic Grid, Carousel, Remote Arrows) for WordPress. The vulnerability is a Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget, present in all versions up to ...

6.4CVSS5.9AI score0.00283EPSS
CVE
CVE
added 2024/11/05 11:32 a.m.48 views

CVE-2024-9657

CVE-2024-9657 affects the Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) for WordPress. The issue is Stored Cross-Site Scripting via the tooltip parameter in all versions up to 5.10.2 due to insufficient input sanitization and output esca...

6.5CVSS5.5AI score0.00336EPSS
CVE
CVE
added 2024/11/05 11:32 a.m.48 views

CVE-2024-9867

CVE-2024-9867 affects the Element Pack Elementor Addons for WordPress (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). It is a stored cross-site scripting vulnerability via the Open Map Widget’s marker_content parameter in all versions up to 5.10.2, caused by insufficien...

5.4CVSS5.2AI score0.00258EPSS
CVE
CVE
added 2024/10/05 2:42 p.m.47 views

CVE-2024-47392

The CVE-2024-47392 entry documents a Stored Cross-Site Scripting vulnerability in BdThemes Element Pack Elementor Addons (up to version 5.7.5). The root cause is improper neutralization of input during web page generation, enabling XSS via the affected addon. The issue affects Elementor Addons in...

6.5CVSS5.9AI score0.00241EPSS
CVE
CVE
added 2024/11/02 2:3 a.m.46 views

CVE-2024-9868

CVE-2024-9868 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) . All versions up to and including 5.10.1 are susceptible to a Stored Cross-Site Scripting (XSS) via the Age Gate Widget’s url parameter, caused by in...

5.4CVSS5.2AI score0.00256EPSS
CVE
CVE
added 2024/07/18 8:33 a.m.38 views

CVE-2024-5555

CVE-2024-5555 affects the Element Pack Elementor Addons (bdthemes-element-pack-lite) up to version 5.6.5, due to Stored XSS in the social-link-title parameter. The issue requires Contributor+ privileges and can cause arbitrary scripts to run when affected pages are viewed. Connected sources confi...

6.4CVSS6AI score0.00499EPSS
CVE
CVE
added 2025/07/03 4:25 a.m.37 views

CVE-2025-5944

CVE-2025-5944 affects the Element Pack Addons for Elementor WordPress plugin (versions up to 8.0.0). The vulnerability is a Stored/DOM-Based Cross-Site Scripting via the data-caption attribute, exploitable by authenticated users with Contributor-level access or higher. The root cause is insuffici...

6.4CVSS5.6AI score0.00269EPSS
CVE
CVE
added 2024/07/18 8:33 a.m.36 views

CVE-2024-5554

CVE-2024-5554 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting via the onclick_event parameter in all versions up to and including 5.6.11, caused by insufficient...

6.4CVSS6.1AI score0.00337EPSS
CVE
CVE
added 2025/08/06 3:40 a.m.34 views

CVE-2025-8100

The CVE covers WordPress Element Pack Elementor Addons and Templates plugin (Element Pack) with a Stored Cross-Site Scripting vulnerability via the marker_content parameter in the Open Street Map widget, affected up to version 8.1.5. Root cause: insufficient input sanitization and output escaping...

5.4CVSS5.5AI score0.03115EPSS
CVE
CVE
added 2024/08/02 9:29 a.m.32 views

CVE-2024-4643

CVE-2024-4643 concerns the WordPress plugin “Element Pack Elementor Addons” (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting (XSS) via the end_redirect_link parameter in versions up to and including 5.7.1, caused by insu...

6.4CVSS5.8AI score0.00351EPSS