Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
175 vulnerabilities by bdthemes
CVE-2026-57413 (GCVE-0-2026-57413)
Vulnerability from cvelistv5 – Published: 2026-07-13 08:41 – Updated: 2026-07-13 08:41
VLAI
EPSS
VEX
Title
WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.
Severity
6.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Instant Image Generator |
Affected:
0 , ≤ 2.1.4
(custom)
|
Date Public
2026-07-13 10:37
Credits
{
"containers": {
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ai-image",
"product": "Instant Image Generator",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "2.1.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ParkHyunWoo | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-07-13T10:37:23.984Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.\u003cp\u003eThis issue affects Instant Image Generator: from n/a through \u003c= 2.1.4.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through \u003c= 2.1.4."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T08:41:24.334Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ai-image/vulnerability/wordpress-instant-image-generator-plugin-2-1-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Instant Image Generator plugin \u003c= 2.1.4 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57413",
"datePublished": "2026-07-13T08:41:24.334Z",
"dateReserved": "2026-06-24T12:46:38.624Z",
"dateUpdated": "2026-07-13T08:41:24.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-63079 (GCVE-0-2025-63079)
Vulnerability from cvelistv5 – Published: 2026-06-26 14:52 – Updated: 2026-06-26 15:39
VLAI
EPSS
VEX
Title
WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
Summary
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Live Copy Paste for Elementor |
Affected:
n/a , ≤ 1.5.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-63079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T15:39:32.778291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:39:39.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "live-copy-paste",
"product": "Live Copy Paste for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "MD ISMAIL | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor Broken Access Control in Live Copy Paste for Elementor \u003c= 1.5.3 versions."
}
],
"value": "Contributor Broken Access Control in Live Copy Paste for Elementor \u003c= 1.5.3 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:52:11.918Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/live-copy-paste/vulnerability/wordpress-live-copy-paste-for-elementor-plugin-1-5-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Live Copy Paste for Elementor plugin \u003c= 1.5.3 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-63079",
"datePublished": "2026-06-26T14:52:11.918Z",
"dateReserved": "2025-10-24T14:26:55.390Z",
"dateUpdated": "2026-06-26T15:39:39.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52705 (GCVE-0-2026-52705)
Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 15:34
VLAI
EPSS
VEX
Title
WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability
Summary
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BDthemes | SigmaForms Pro – AI Generated Forms |
Affected:
n/a , ≤ 1.4.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T15:20:42.452359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:34:30.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sigmaforms-pro",
"product": "SigmaForms Pro \u2013 AI Generated Forms",
"vendor": "BDthemes",
"versions": [
{
"changes": [
{
"at": "1.4.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Generated Forms \u003c= 1.4.5 versions."
}
],
"value": "Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Generated Forms \u003c= 1.4.5 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:31.066Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/sigmaforms-pro/vulnerability/wordpress-sigmaforms-pro-ai-generated-forms-plugin-1-4-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress SigmaForms Pro \u2013 AI Generated Forms Plugin to the latest available version (at least 1.4.6)."
}
],
"value": "Update the WordPress SigmaForms Pro \u2013 AI Generated Forms Plugin to the latest available version (at least 1.4.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SigmaForms Pro \u2013 AI Generated Forms plugin \u003c= 1.4.5 - Arbitrary File Upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-52705",
"datePublished": "2026-06-17T09:51:31.066Z",
"dateReserved": "2026-06-08T10:11:13.730Z",
"dateUpdated": "2026-06-17T15:34:30.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40721 (GCVE-0-2026-40721)
Vulnerability from cvelistv5 – Published: 2026-06-17 09:50 – Updated: 2026-06-17 15:28
VLAI
EPSS
VEX
Title
WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Summary
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BdThemes | Element Pack Pro |
Affected:
n/a , ≤ 9.0.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T15:24:40.888877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:28:01.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack",
"product": "Element Pack Pro",
"vendor": "BdThemes",
"versions": [
{
"changes": [
{
"at": "9.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "9.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor Local File Inclusion in Element Pack Pro \u003c= 9.0.6 versions."
}
],
"value": "Contributor Local File Inclusion in Element Pack Pro \u003c= 9.0.6 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:50:56.955Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/bdthemes-element-pack/vulnerability/wordpress-element-pack-pro-plugin-9-0-6-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Element Pack Pro Plugin to the latest available version (at least 9.1.0)."
}
],
"value": "Update the WordPress Element Pack Pro Plugin to the latest available version (at least 9.1.0)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Element Pack Pro plugin \u003c= 9.0.6 - Local File Inclusion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40721",
"datePublished": "2026-06-17T09:50:56.955Z",
"dateReserved": "2026-04-15T09:19:20.452Z",
"dateUpdated": "2026-06-17T15:28:01.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40745 (GCVE-0-2026-40745)
Vulnerability from cvelistv5 – Published: 2026-04-15 10:21 – Updated: 2026-04-29 09:52
VLAI
EPSS
VEX
Title
WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack Elementor Addons |
Affected:
0 , ≤ 8.4.2
(custom)
|
Date Public
2026-04-15 12:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:24:24.705346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:24:28.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack-lite",
"product": "Element Pack Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "8.5.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-15T12:20:47.541Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.\u003cp\u003eThis issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.4.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.4.2."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:52:04.829Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack-lite/vulnerability/wordpress-element-pack-elementor-addons-plugin-8-4-2-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress Element Pack Elementor Addons plugin \u003c= 8.4.2 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40745",
"datePublished": "2026-04-15T10:21:34.904Z",
"dateReserved": "2026-04-15T09:19:38.195Z",
"dateUpdated": "2026-04-29T09:52:04.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4655 (GCVE-0-2026-4655)
Vulnerability from cvelistv5 – Published: 2026-04-08 07:43 – Updated: 2026-04-08 16:34
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the render_svg() function. The function fetches SVG content using wp_safe_remote_get() and then directly echoes it to the page without any sanitization, only applying a preg_replace() to add attributes to the SVG tag which does not remove malicious event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript in SVG files that will execute whenever a user accesses a page containing the malicious widget.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:47:21.778238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:13:47.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the render_svg() function. The function fetches SVG content using wp_safe_remote_get() and then directly echoes it to the page without any sanitization, only applying a preg_replace() to add attributes to the SVG tag which does not remove malicious event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript in SVG files that will execute whenever a user accesses a page containing the malicious widget."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:12.756Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0838f085-8ff7-4c6a-bd5b-af99f666377b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L1028"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L1028"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L989-L1033"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L989-L1033"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L1063-L1129"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L1063-L1129"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3494214%40bdthemes-element-pack-lite\u0026new=3494214%40bdthemes-element-pack-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-23T15:17:50.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T19:36:01.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4655",
"datePublished": "2026-04-08T07:43:00.898Z",
"dateReserved": "2026-03-23T15:02:38.592Z",
"dateUpdated": "2026-04-08T16:34:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4341 (GCVE-0-2026-4341)
Vulnerability from cvelistv5 – Published: 2026-04-08 03:36 – Updated: 2026-04-08 16:50
VLAI
EPSS
VEX
Title
Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter
Summary
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follow_us_text' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the `render_social_link()` function in `modules/mount/widgets/mount.php` outputs the `follow_us_text` Elementor widget setting using `echo` without any escaping function. The setting value is stored in `_elementor_data` post meta via `update_post_meta`. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons for Elementor |
Affected:
0 , ≤ 4.1.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:56:04.299674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T15:56:17.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prime Slider \u2013 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
},
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Prime Slider \u2013 Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027follow_us_text\u0027 setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the `render_social_link()` function in `modules/mount/widgets/mount.php` outputs the `follow_us_text` Elementor widget setting using `echo` without any escaping function. The setting value is stored in `_elementor_data` post meta via `update_post_meta`. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:40.549Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2ef416-4354-4e09-b9be-e36c1f655110?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/trunk/modules/mount/widgets/mount.php#L1027"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/tags/4.1.9/modules/mount/widgets/mount.php#L1027"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/trunk/modules/mount/widgets/mount.php#L230"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/tags/4.1.9/modules/mount/widgets/mount.php#L230"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3493676%40bdthemes-prime-slider-lite\u0026new=3493676%40bdthemes-prime-slider-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-17T15:47:39.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T15:20:50.000Z",
"value": "Disclosed"
}
],
"title": "Prime Slider \u003c= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027follow_us_text\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4341",
"datePublished": "2026-04-08T03:36:08.934Z",
"dateReserved": "2026-03-17T15:32:13.723Z",
"dateUpdated": "2026-04-08T16:50:40.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24362 (GCVE-0-2026-24362)
Vulnerability from cvelistv5 – Published: 2026-03-25 16:14 – Updated: 2026-04-28 16:14
VLAI
EPSS
VEX
Title
WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Ultimate Post Kit |
Affected:
0 , ≤ 4.0.21
(custom)
|
Date Public
2026-04-22 14:18
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T17:51:54.294893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T01:49:39.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ultimate-post-kit",
"product": "Ultimate Post Kit",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "4.0.22",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:18:29.982Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Ultimate Post Kit: from n/a through \u003c= 4.0.21.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through \u003c= 4.0.21."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:48.017Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ultimate-post-kit/vulnerability/wordpress-ultimate-post-kit-plugin-4-0-21-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Post Kit plugin \u003c= 4.0.21 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24362",
"datePublished": "2026-03-25T16:14:31.201Z",
"dateReserved": "2026-01-22T14:42:24.567Z",
"dateUpdated": "2026-04-28T16:14:48.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1793 (GCVE-0-2026-1793)
Vulnerability from cvelistv5 – Published: 2026-02-15 03:24 – Updated: 2026-04-08 16:54
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.3.17
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T21:16:13.353705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T21:16:22.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chiao-Lin Yu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the \u0027render_svg\u0027 function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:39.864Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58f9bef5-6596-40b2-bcb6-d686e87d8d8f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.3.16/modules/svg-image/widgets/svg-image.php#L850"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3452826/bdthemes-element-pack-lite#file1135"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T08:39:05.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-14T14:34:00.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1793",
"datePublished": "2026-02-15T03:24:34.335Z",
"dateReserved": "2026-02-03T08:23:17.991Z",
"dateUpdated": "2026-04-08T16:54:39.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31413 (GCVE-0-2025-31413)
Vulnerability from cvelistv5 – Published: 2026-01-22 16:51 – Updated: 2026-04-28 16:12
VLAI
EPSS
VEX
Title
WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack Elementor Addons |
Affected:
0 , ≤ 8.3.13
(custom)
|
Date Public
2026-04-22 14:21
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T22:02:04.642517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T15:51:29.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack-lite",
"product": "Element Pack Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "8.3.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.3.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arif Shaikh | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:21:48.811Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.3.13.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.3.13."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:06.898Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack-lite/vulnerability/wordpress-element-pack-elementor-addons-plugin-8-3-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Element Pack Elementor Addons plugin \u003c= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31413",
"datePublished": "2026-01-22T16:51:38.938Z",
"dateReserved": "2025-03-28T10:59:52.731Z",
"dateUpdated": "2026-04-28T16:12:06.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0808 (GCVE-0-2026-0808)
Vulnerability from cvelistv5 – Published: 2026-01-17 06:42 – Updated: 2026-04-08 17:19
VLAI
EPSS
VEX
Title
Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
Summary
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the 'prize_index' parameter sent to the server, allowing them to always select the most valuable prizes.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Spin Wheel – Interactive spinning wheel that offers coupons |
Affected:
0 , ≤ 2.1.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T18:27:06.693798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T18:27:18.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spin Wheel \u2013 Interactive spinning wheel that offers coupons",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jason carle"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the \u0027prize_index\u0027 parameter sent to the server, allowing them to always select the most valuable prizes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:33.408Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c023b91e-f633-41a6-b2d7-bcb3f1d026b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/spin-wheel/trunk/includes/class-swp-ajax.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/spin-wheel/tags/2.0.2/includes/class-swp-ajax.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3437726%40spin-wheel\u0026new=3437726%40spin-wheel\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T14:51:52.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-16T18:09:30.000Z",
"value": "Disclosed"
}
],
"title": "Spin Wheel \u003c= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via \u0027prize_index\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0808",
"datePublished": "2026-01-17T06:42:20.697Z",
"dateReserved": "2026-01-09T14:36:32.229Z",
"dateUpdated": "2026-04-08T17:19:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69336 (GCVE-0-2025-69336)
Vulnerability from cvelistv5 – Published: 2026-01-06 16:36 – Updated: 2026-04-28 20:53
VLAI
EPSS
VEX
Title
WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Ultimate Store Kit Elementor Addons |
Affected:
0 , ≤ 2.9.4
(custom)
|
Date Public
2026-04-01 16:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T16:58:18.190934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T20:53:47.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ultimate-store-kit",
"product": "Ultimate Store Kit Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "2.9.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:03:44.664Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Ultimate Store Kit Elementor Addons: from n/a through \u003c= 2.9.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through \u003c= 2.9.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:37.819Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-9-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Store Kit Elementor Addons plugin \u003c= 2.9.4 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-69336",
"datePublished": "2026-01-06T16:36:38.740Z",
"dateReserved": "2025-12-31T20:12:23.433Z",
"dateUpdated": "2026-04-28T20:53:47.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68500 (GCVE-0-2025-68500)
Vulnerability from cvelistv5 – Published: 2025-12-24 12:31 – Updated: 2026-04-28 16:14
VLAI
EPSS
VEX
Title
WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons For Elementor |
Affected:
0 , ≤ 4.0.10
(custom)
|
Date Public
2026-04-22 14:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T18:34:29.170464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T18:34:31.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-prime-slider-lite",
"product": "Prime Slider \u2013 Addons For Elementor",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "4.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NumeX | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:23:13.134Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider \u2013 Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.\u003cp\u003eThis issue affects Prime Slider \u2013 Addons For Elementor: from n/a through \u003c= 4.0.10.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider \u2013 Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider \u2013 Addons For Elementor: from n/a through \u003c= 4.0.10."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:28.870Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-prime-slider-lite/vulnerability/wordpress-prime-slider-addons-for-elementor-plugin-4-0-10-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Prime Slider \u2013 Addons For Elementor plugin \u003c= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-68500",
"datePublished": "2025-12-24T12:31:20.426Z",
"dateReserved": "2025-12-19T10:16:41.921Z",
"dateUpdated": "2026-04-28T16:14:28.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14277 (GCVE-0-2025-14277)
Vulnerability from cvelistv5 – Published: 2025-12-18 12:22 – Updated: 2026-04-08 16:33
VLAI
EPSS
VEX
Title
Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons for Elementor |
Affected:
0 , ≤ 4.0.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:36:06.650013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:36:18.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prime Slider \u2013 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deadbee"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Prime Slider \u2013 Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:48.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/069a56a1-ca17-43cc-a51f-51b6111f5b61?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3419222/bdthemes-prime-slider-lite"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-02T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-08T17:14:48.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-17T23:36:23.000Z",
"value": "Disclosed"
}
],
"title": "Prime Slider \u2013 Addons for Elementor \u003c= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14277",
"datePublished": "2025-12-18T12:22:26.139Z",
"dateReserved": "2025-12-08T16:58:57.189Z",
"dateUpdated": "2026-04-08T16:33:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13196 (GCVE-0-2025-13196)
Vulnerability from cvelistv5 – Published: 2025-11-18 09:27 – Updated: 2026-04-08 16:35
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.3.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T21:32:58.756008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:33:06.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "D.Sim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget\u0027s marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:18.416Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0da6a080-260f-4b19-a32c-453d2781389a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3396544%40bdthemes-element-pack-lite\u0026old=3395028%40bdthemes-element-pack-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-14T16:12:36.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-17T20:54:12.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13196",
"datePublished": "2025-11-18T09:27:36.191Z",
"dateReserved": "2025-11-14T15:55:22.425Z",
"dateUpdated": "2026-04-08T16:35:18.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-63079 (GCVE-0-2025-63079)
Vulnerability from nvd – Published: 2026-06-26 14:52 – Updated: 2026-06-26 15:39
VLAI
EPSS
VEX
Title
WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
Summary
Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Live Copy Paste for Elementor |
Affected:
n/a , ≤ 1.5.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-63079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T15:39:32.778291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:39:39.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "live-copy-paste",
"product": "Live Copy Paste for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "MD ISMAIL | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor Broken Access Control in Live Copy Paste for Elementor \u003c= 1.5.3 versions."
}
],
"value": "Contributor Broken Access Control in Live Copy Paste for Elementor \u003c= 1.5.3 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:52:11.918Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/live-copy-paste/vulnerability/wordpress-live-copy-paste-for-elementor-plugin-1-5-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Live Copy Paste for Elementor plugin \u003c= 1.5.3 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-63079",
"datePublished": "2026-06-26T14:52:11.918Z",
"dateReserved": "2025-10-24T14:26:55.390Z",
"dateUpdated": "2026-06-26T15:39:39.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-52705 (GCVE-0-2026-52705)
Vulnerability from nvd – Published: 2026-06-17 09:51 – Updated: 2026-06-17 15:34
VLAI
EPSS
VEX
Title
WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability
Summary
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BDthemes | SigmaForms Pro – AI Generated Forms |
Affected:
n/a , ≤ 1.4.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-52705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T15:20:42.452359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:34:30.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sigmaforms-pro",
"product": "SigmaForms Pro \u2013 AI Generated Forms",
"vendor": "BDthemes",
"versions": [
{
"changes": [
{
"at": "1.4.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nguyen Ba Khanh | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Generated Forms \u003c= 1.4.5 versions."
}
],
"value": "Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Generated Forms \u003c= 1.4.5 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:51:31.066Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/sigmaforms-pro/vulnerability/wordpress-sigmaforms-pro-ai-generated-forms-plugin-1-4-5-arbitrary-file-upload-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress SigmaForms Pro \u2013 AI Generated Forms Plugin to the latest available version (at least 1.4.6)."
}
],
"value": "Update the WordPress SigmaForms Pro \u2013 AI Generated Forms Plugin to the latest available version (at least 1.4.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress SigmaForms Pro \u2013 AI Generated Forms plugin \u003c= 1.4.5 - Arbitrary File Upload vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-52705",
"datePublished": "2026-06-17T09:51:31.066Z",
"dateReserved": "2026-06-08T10:11:13.730Z",
"dateUpdated": "2026-06-17T15:34:30.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40721 (GCVE-0-2026-40721)
Vulnerability from nvd – Published: 2026-06-17 09:50 – Updated: 2026-06-17 15:28
VLAI
EPSS
VEX
Title
WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Summary
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BdThemes | Element Pack Pro |
Affected:
n/a , ≤ 9.0.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T15:24:40.888877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:28:01.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack",
"product": "Element Pack Pro",
"vendor": "BdThemes",
"versions": [
{
"changes": [
{
"at": "9.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "9.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor Local File Inclusion in Element Pack Pro \u003c= 9.0.6 versions."
}
],
"value": "Contributor Local File Inclusion in Element Pack Pro \u003c= 9.0.6 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-252",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-252 PHP Local File Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T09:50:56.955Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/bdthemes-element-pack/vulnerability/wordpress-element-pack-pro-plugin-9-0-6-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Element Pack Pro Plugin to the latest available version (at least 9.1.0)."
}
],
"value": "Update the WordPress Element Pack Pro Plugin to the latest available version (at least 9.1.0)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Element Pack Pro plugin \u003c= 9.0.6 - Local File Inclusion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40721",
"datePublished": "2026-06-17T09:50:56.955Z",
"dateReserved": "2026-04-15T09:19:20.452Z",
"dateUpdated": "2026-06-17T15:28:01.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40745 (GCVE-0-2026-40745)
Vulnerability from nvd – Published: 2026-04-15 10:21 – Updated: 2026-04-29 09:52
VLAI
EPSS
VEX
Title
WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack Elementor Addons |
Affected:
0 , ≤ 8.4.2
(custom)
|
Date Public
2026-04-15 12:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-40745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:24:24.705346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:24:28.512Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack-lite",
"product": "Element Pack Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "8.5.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-15T12:20:47.541Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.\u003cp\u003eThis issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.4.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.4.2."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:52:04.829Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack-lite/vulnerability/wordpress-element-pack-elementor-addons-plugin-8-4-2-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress Element Pack Elementor Addons plugin \u003c= 8.4.2 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-40745",
"datePublished": "2026-04-15T10:21:34.904Z",
"dateReserved": "2026-04-15T09:19:38.195Z",
"dateUpdated": "2026-04-29T09:52:04.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4655 (GCVE-0-2026-4655)
Vulnerability from nvd – Published: 2026-04-08 07:43 – Updated: 2026-04-08 16:34
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the render_svg() function. The function fetches SVG content using wp_safe_remote_get() and then directly echoes it to the page without any sanitization, only applying a preg_replace() to add attributes to the SVG tag which does not remove malicious event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript in SVG files that will execute whenever a user accesses a page containing the malicious widget.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
8 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.4.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:47:21.778238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:13:47.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Smith"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in the render_svg() function. The function fetches SVG content using wp_safe_remote_get() and then directly echoes it to the page without any sanitization, only applying a preg_replace() to add attributes to the SVG tag which does not remove malicious event handlers. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript in SVG files that will execute whenever a user accesses a page containing the malicious widget."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:12.756Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0838f085-8ff7-4c6a-bd5b-af99f666377b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L1028"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L1028"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L989-L1033"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L989-L1033"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/modules/svg-image/widgets/svg-image.php#L1063-L1129"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.4.2/modules/svg-image/widgets/svg-image.php#L1063-L1129"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3494214%40bdthemes-element-pack-lite\u0026new=3494214%40bdthemes-element-pack-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-23T15:17:50.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T19:36:01.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4655",
"datePublished": "2026-04-08T07:43:00.898Z",
"dateReserved": "2026-03-23T15:02:38.592Z",
"dateUpdated": "2026-04-08T16:34:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4341 (GCVE-0-2026-4341)
Vulnerability from nvd – Published: 2026-04-08 03:36 – Updated: 2026-04-08 16:50
VLAI
EPSS
VEX
Title
Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter
Summary
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follow_us_text' setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the `render_social_link()` function in `modules/mount/widgets/mount.php` outputs the `follow_us_text` Elementor widget setting using `echo` without any escaping function. The setting value is stored in `_elementor_data` post meta via `update_post_meta`. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons for Elementor |
Affected:
0 , ≤ 4.1.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:56:04.299674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T15:56:17.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prime Slider \u2013 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Athiwat Tiprasaharn"
},
{
"lang": "en",
"type": "finder",
"value": "Itthidej Aramsri"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Prime Slider \u2013 Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027follow_us_text\u0027 setting of the Mount widget in all versions up to, and including, 4.1.10. This is due to insufficient input sanitization and output escaping. Specifically, the `render_social_link()` function in `modules/mount/widgets/mount.php` outputs the `follow_us_text` Elementor widget setting using `echo` without any escaping function. The setting value is stored in `_elementor_data` post meta via `update_post_meta`. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:40.549Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2ef416-4354-4e09-b9be-e36c1f655110?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/trunk/modules/mount/widgets/mount.php#L1027"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/tags/4.1.9/modules/mount/widgets/mount.php#L1027"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/trunk/modules/mount/widgets/mount.php#L230"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-prime-slider-lite/tags/4.1.9/modules/mount/widgets/mount.php#L230"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3493676%40bdthemes-prime-slider-lite\u0026new=3493676%40bdthemes-prime-slider-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-17T15:47:39.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-07T15:20:50.000Z",
"value": "Disclosed"
}
],
"title": "Prime Slider \u003c= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027follow_us_text\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-4341",
"datePublished": "2026-04-08T03:36:08.934Z",
"dateReserved": "2026-03-17T15:32:13.723Z",
"dateUpdated": "2026-04-08T16:50:40.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24362 (GCVE-0-2026-24362)
Vulnerability from nvd – Published: 2026-03-25 16:14 – Updated: 2026-04-28 16:14
VLAI
EPSS
VEX
Title
WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Ultimate Post Kit |
Affected:
0 , ≤ 4.0.21
(custom)
|
Date Public
2026-04-22 14:18
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T17:51:54.294893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T01:49:39.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ultimate-post-kit",
"product": "Ultimate Post Kit",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "4.0.22",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "0xd4rk5id3 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:18:29.982Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Ultimate Post Kit: from n/a through \u003c= 4.0.21.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through \u003c= 4.0.21."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:48.017Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ultimate-post-kit/vulnerability/wordpress-ultimate-post-kit-plugin-4-0-21-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Post Kit plugin \u003c= 4.0.21 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-24362",
"datePublished": "2026-03-25T16:14:31.201Z",
"dateReserved": "2026-01-22T14:42:24.567Z",
"dateUpdated": "2026-04-28T16:14:48.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1793 (GCVE-0-2026-1793)
Vulnerability from nvd – Published: 2026-02-15 03:24 – Updated: 2026-04-08 16:54
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.3.17
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T21:16:13.353705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T21:16:22.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.3.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chiao-Lin Yu"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the \u0027render_svg\u0027 function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:54:39.864Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58f9bef5-6596-40b2-bcb6-d686e87d8d8f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/8.3.16/modules/svg-image/widgets/svg-image.php#L850"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3452826/bdthemes-element-pack-lite#file1135"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-03T08:39:05.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-14T14:34:00.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1793",
"datePublished": "2026-02-15T03:24:34.335Z",
"dateReserved": "2026-02-03T08:23:17.991Z",
"dateUpdated": "2026-04-08T16:54:39.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31413 (GCVE-0-2025-31413)
Vulnerability from nvd – Published: 2026-01-22 16:51 – Updated: 2026-04-28 16:12
VLAI
EPSS
VEX
Title
WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack Elementor Addons |
Affected:
0 , ≤ 8.3.13
(custom)
|
Date Public
2026-04-22 14:21
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T22:02:04.642517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T15:51:29.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-element-pack-lite",
"product": "Element Pack Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "8.3.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.3.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arif Shaikh | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:21:48.811Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.3.13.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through \u003c= 8.3.13."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:06.898Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack-lite/vulnerability/wordpress-element-pack-elementor-addons-plugin-8-3-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Element Pack Elementor Addons plugin \u003c= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31413",
"datePublished": "2026-01-22T16:51:38.938Z",
"dateReserved": "2025-03-28T10:59:52.731Z",
"dateUpdated": "2026-04-28T16:12:06.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0808 (GCVE-0-2026-0808)
Vulnerability from nvd – Published: 2026-01-17 06:42 – Updated: 2026-04-08 17:19
VLAI
EPSS
VEX
Title
Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter
Summary
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the 'prize_index' parameter sent to the server, allowing them to always select the most valuable prizes.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Spin Wheel – Interactive spinning wheel that offers coupons |
Affected:
0 , ≤ 2.1.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T18:27:06.693798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T18:27:18.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spin Wheel \u2013 Interactive spinning wheel that offers coupons",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "jason carle"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data without server-side validation or randomization. This makes it possible for unauthenticated attackers to manipulate which prize they win by modifying the \u0027prize_index\u0027 parameter sent to the server, allowing them to always select the most valuable prizes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:19:33.408Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c023b91e-f633-41a6-b2d7-bcb3f1d026b7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/spin-wheel/trunk/includes/class-swp-ajax.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/spin-wheel/tags/2.0.2/includes/class-swp-ajax.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3437726%40spin-wheel\u0026new=3437726%40spin-wheel\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T14:51:52.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-16T18:09:30.000Z",
"value": "Disclosed"
}
],
"title": "Spin Wheel \u003c= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via \u0027prize_index\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0808",
"datePublished": "2026-01-17T06:42:20.697Z",
"dateReserved": "2026-01-09T14:36:32.229Z",
"dateUpdated": "2026-04-08T17:19:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69336 (GCVE-0-2025-69336)
Vulnerability from nvd – Published: 2026-01-06 16:36 – Updated: 2026-04-28 20:53
VLAI
EPSS
VEX
Title
WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Ultimate Store Kit Elementor Addons |
Affected:
0 , ≤ 2.9.4
(custom)
|
Date Public
2026-04-01 16:03
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T16:58:18.190934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T20:53:47.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ultimate-store-kit",
"product": "Ultimate Store Kit Elementor Addons",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "2.9.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.9.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Phat RiO | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:03:44.664Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Ultimate Store Kit Elementor Addons: from n/a through \u003c= 2.9.4.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through \u003c= 2.9.4."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:37.819Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-9-4-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Store Kit Elementor Addons plugin \u003c= 2.9.4 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-69336",
"datePublished": "2026-01-06T16:36:38.740Z",
"dateReserved": "2025-12-31T20:12:23.433Z",
"dateUpdated": "2026-04-28T20:53:47.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68500 (GCVE-0-2025-68500)
Vulnerability from nvd – Published: 2025-12-24 12:31 – Updated: 2026-04-28 16:14
VLAI
EPSS
VEX
Title
WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons For Elementor |
Affected:
0 , ≤ 4.0.10
(custom)
|
Date Public
2026-04-22 14:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T18:34:29.170464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T18:34:31.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdthemes-prime-slider-lite",
"product": "Prime Slider \u2013 Addons For Elementor",
"vendor": "bdthemes",
"versions": [
{
"changes": [
{
"at": "4.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NumeX | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:23:13.134Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider \u2013 Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.\u003cp\u003eThis issue affects Prime Slider \u2013 Addons For Elementor: from n/a through \u003c= 4.0.10.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider \u2013 Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider \u2013 Addons For Elementor: from n/a through \u003c= 4.0.10."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:14:28.870Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/bdthemes-prime-slider-lite/vulnerability/wordpress-prime-slider-addons-for-elementor-plugin-4-0-10-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Prime Slider \u2013 Addons For Elementor plugin \u003c= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-68500",
"datePublished": "2025-12-24T12:31:20.426Z",
"dateReserved": "2025-12-19T10:16:41.921Z",
"dateUpdated": "2026-04-28T16:14:28.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14277 (GCVE-0-2025-14277)
Vulnerability from nvd – Published: 2025-12-18 12:22 – Updated: 2026-04-08 16:33
VLAI
EPSS
VEX
Title
Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery
Summary
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Prime Slider – Addons for Elementor |
Affected:
0 , ≤ 4.0.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:36:06.650013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T14:36:18.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Prime Slider \u2013 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "4.0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Deadbee"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Prime Slider \u2013 Addons for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.9 via the import_elementor_template AJAX action. This makes it possible for authenticated attackers, with subscriber level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:48.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/069a56a1-ca17-43cc-a51f-51b6111f5b61?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3419222/bdthemes-prime-slider-lite"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-02T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-08T17:14:48.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-17T23:36:23.000Z",
"value": "Disclosed"
}
],
"title": "Prime Slider \u2013 Addons for Elementor \u003c= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-14277",
"datePublished": "2025-12-18T12:22:26.139Z",
"dateReserved": "2025-12-08T16:58:57.189Z",
"dateUpdated": "2026-04-08T16:33:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13196 (GCVE-0-2025-13196)
Vulnerability from nvd – Published: 2025-11-18 09:27 – Updated: 2026-04-08 16:35
VLAI
EPSS
VEX
Title
Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget
Summary
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | Element Pack – Widgets, Templates & Addons for Elementor |
Affected:
0 , ≤ 8.3.4
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T21:32:58.756008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:33:06.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Element Pack \u2013 Widgets, Templates \u0026 Addons for Elementor",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "8.3.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "D.Sim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget\u0027s marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:18.416Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0da6a080-260f-4b19-a32c-453d2781389a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3396544%40bdthemes-element-pack-lite\u0026old=3395028%40bdthemes-element-pack-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-14T16:12:36.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-17T20:54:12.000Z",
"value": "Disclosed"
}
],
"title": "Element Pack Addons for Elementor \u003c= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13196",
"datePublished": "2025-11-18T09:27:36.191Z",
"dateReserved": "2025-11-14T15:55:22.425Z",
"dateUpdated": "2026-04-08T16:35:18.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12134 (GCVE-0-2025-12134)
Vulnerability from nvd – Published: 2025-10-24 09:23 – Updated: 2026-04-08 17:27
VLAI
EPSS
VEX
Title
ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable
Summary
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bdthemes | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns |
Affected:
0 , ≤ 2.3.11
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T12:19:00.747923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T12:30:05.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZoloBlocks \u2013 Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates \u0026 Patterns",
"vendor": "bdthemes",
"versions": [
{
"lessThanOrEqual": "2.3.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jamie Davies"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ZoloBlocks \u2013 Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates \u0026 Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:21.785Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/da9f89a2-f816-4445-8aea-11b622451ee9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3377160"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-23T21:06:17.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-23T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ZoloBlocks \u003c= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12134",
"datePublished": "2025-10-24T09:23:31.083Z",
"dateReserved": "2025-10-23T20:51:09.503Z",
"dateUpdated": "2026-04-08T17:27:21.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}