VYPR

Vendor CVEs

Bdthemes

All CVEs

49 total · sorted by risk
  • CVE-2024-52377CriNov 14, 2024
    risk 0.65cvss 10.0epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2.

  • CVE-2025-39588CriApr 17, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Object Injection.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.4.0.

  • CVE-2024-33568HigJun 4, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3.

  • CVE-2024-30496HigMar 29, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.

  • CVE-2026-40745HigApr 15, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.

  • CVE-2024-32682HigApr 22, 2024
    risk 0.46cvss 7.1epss 0.01

    Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.

  • CVE-2025-58017MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.8.6.

  • CVE-2025-32184MedApr 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.5.0.

  • CVE-2024-47392MedOct 5, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through <= 5.7.5.

  • CVE-2024-47629MedOct 5, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.0.5.

  • CVE-2024-3997MedMay 23, 2024
    risk 0.42cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input…

  • CVE-2024-4339MedMay 14, 2024
    risk 0.42cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and…

  • CVE-2024-32572MedApr 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.0.

  • CVE-2024-30186MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1.

  • CVE-2024-30185MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.

  • CVE-2025-46258MedJun 5, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.

  • CVE-2024-4360MedAug 12, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.6 due to insufficient input…

  • CVE-2024-4359MedAug 12, 2024
    risk 0.35cvss 6.5epss 0.01

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the…

  • CVE-2024-4643MedAug 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘end_redirect_link’ parameter in versions up to, and including, 5.7.1 due to insufficient…

  • CVE-2024-5555MedJul 18, 2024
    risk 0.35cvss 6.4epss 0.01

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘social-link-title’ parameter in all versions up to, and including, 5.6.5 due to insufficient…

  • CVE-2024-5554MedJul 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘onclick_event’ parameter in all versions up to, and including, 5.6.11 due to insufficient…

  • CVE-2024-3925MedJun 12, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.11 due to insufficient…

  • CVE-2024-5640MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to…

  • CVE-2024-3926MedMay 22, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to…

  • CVE-2024-4606MedMay 14, 2024
    risk 0.35cvss 5.4epss 0.00

    Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3.

  • CVE-2024-1730MedApr 20, 2024
    risk 0.35cvss 5.4epss 0.00

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html…

  • CVE-2024-1429MedApr 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all…

  • CVE-2024-1426MedApr 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all…

  • CVE-2024-1428MedApr 6, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘element_pack_wrapper_link’ attribute of the Trailer Box…

  • CVE-2024-0837MedApr 6, 2024
    risk 0.35cvss 6.4epss 0.00

    The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including,…

  • CVE-2024-1508MedMar 13, 2024
    risk 0.35cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping.…

  • CVE-2024-1507MedMar 13, 2024
    risk 0.35cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.3 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1506MedMar 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2025-31413MedJan 22, 2026
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.

  • CVE-2025-69336MedJan 6, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4.

  • CVE-2025-46257MedJun 5, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.

  • CVE-2025-24584MedJan 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.3.0.

  • CVE-2024-32681MedApr 22, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2.

  • CVE-2024-2966MedApr 11, 2024
    risk 0.28cvss 5.3epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the element_pack_ajax_search function. This makes it…

  • CVE-2024-24883MedApr 11, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10.

  • CVE-2024-24840MedMar 23, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.

  • CVE-2024-3927MedMay 22, 2024
    risk 0.27cvss 5.3epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for…

  • CVE-2024-8030Aug 28, 2024
    risk 0.03cvss epss 0.01

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_wishlist cookie in…

  • CVE-2024-5335Aug 21, 2024
    risk 0.01cvss epss 0.01

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products…

  • CVE-2025-2168May 1, 2025
    risk 0.00cvss epss 0.00

    The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to…

  • CVE-2024-8442Nov 7, 2024
    risk 0.00cvss epss 0.00

    The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization…

  • CVE-2024-9657Nov 5, 2024
    risk 0.00cvss epss 0.00

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input…

  • CVE-2024-43342Aug 18, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.This issue affects Ultimate Store Kit Elementor Addons: from n/a through 1.6.4.

  • CVE-2024-39667Aug 1, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.6.11.