| CVE-2025-7644 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | Medium | 6.4 | 2025-07-22 04:25:08 | Deep Dive |
| CVE-2025-5944 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute | bdthemes | Element Pack Elementor Addons and Templates | Medium | 6.4 | 2025-07-03 04:25:01 | Deep Dive |
| CVE-2025-46258 | WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability | BdThemes | Element Pack Pro | Medium | 5.4 | 2025-06-05 17:36:05 | Deep Dive |
| CVE-2025-46257 | WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability | BdThemes | Element Pack Pro | Medium | 4.3 | 2025-06-05 17:35:21 | Deep Dive |
| CVE-2025-5292 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-05-31 06:40:57 | Deep Dive |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Medium | 4.3 | 2025-05-01 03:23:40 | Deep Dive |
| CVE-2025-1458 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-26 05:34:23 | Deep Dive |
| CVE-2025-1457 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-19 03:21:25 | Deep Dive |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Critical | 9.8 | 2025-04-17 15:46:44 | Deep Dive |
| CVE-2025-32184 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 6.5 | 2025-04-04 15:58:59 | Deep Dive |
| CVE-2025-24584 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability | bdthemes | Ultimate Store Kit Elementor Addons | Medium | 4.3 | 2025-01-27 13:59:49 | Deep Dive |
| CVE-2024-12043 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2025-01-23 11:13:27 | Deep Dive |
| CVE-2024-12851 | Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-01-08 06:41:38 | Deep Dive |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 4.3 | 2024-12-22 01:42:00 | Deep Dive |
| CVE-2024-9058 | Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2024-12-03 06:50:54 | Deep Dive |
| CVE-2024-52377 | WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability | bdthemes | Instant Image Generator | Critical | 10.0 | 2024-11-14 17:42:52 | Deep Dive |
| CVE-2024-8442 | Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2024-11-07 12:30:53 | Deep Dive |
| CVE-2024-9867 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2024-11-05 11:32:22 | Deep Dive |
| CVE-2024-9657 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.5 | 2024-11-05 11:32:21 | Deep Dive |
| CVE-2024-9868 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 5.4 | 2024-11-02 02:03:09 | Deep Dive |