VYPR

Bdthemes Element Pack Lite

by WordPress

Source repositories

CVEs (5)

  • CVE-2026-4655MedApr 8, 2026
    risk 0.42cvss 6.4epss 0.00

    The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Image Widget in versions up to and including 8.4.2. This is due to insufficient input sanitization and output escaping on SVG content fetched from remote URLs in…

  • CVE-2025-5292MedMay 31, 2025
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and including, 5.11.2 due…

  • CVE-2025-11536MedOct 20, 2025
    risk 0.33cvss 5.0epss 0.00

    The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2025-31413MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.

  • CVE-2024-10980Nov 29, 2024
    risk 0.00cvss epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed,…