Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bdthemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting bdthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by bdthemes:Element Pack – Widgets, Templates & Addons for ElementorPrime Slider – Addons for ElementorUltimate Store Kit Elementor AddonsElement Pack Elementor AddonsZoloBlocksElement Pack ProUltimate Store Kit – Addon For WooCommerce, EDD and ElementorZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & PatternsUltimate Post Kit Addons for ElementorElement Pack Pro - Addon for Elementor Page Builder WordPress PluginInstant Image GeneratorElement Pack Elementor Addons and TemplatesPixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio GallerySpin Wheel – Interactive spinning wheel that offers couponsUltimate Post Kit
CVE IDTitleCVSSSeverityPublished
CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability — Element Pack Elementor AddonsCWE-89 9.8 -2026-04-15
CVE-2026-4655 Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2026-04-08
CVE-2026-4341 Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2026-04-08
CVE-2026-24362 WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability — Ultimate Post KitCWE-862 6.4 Medium2026-03-25
CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for ElementorCWE-22 6.5 Medium2026-02-15
CVE-2025-31413 WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability — Element Pack Elementor AddonsCWE-352 4.3 Medium2026-01-22
CVE-2026-0808 Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter — Spin Wheel – Interactive spinning wheel that offers couponsCWE-602 5.3 Medium2026-01-17
CVE-2025-69336 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability — Ultimate Store Kit Elementor AddonsCWE-862 9.1 -2026-01-06
CVE-2025-68500 WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For ElementorCWE-918 4.9 Medium2025-12-24
CVE-2025-14277 Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery — Prime Slider – Addons for ElementorCWE-918 4.3 Medium2025-12-18
CVE-2025-13196 Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2025-11-18
CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable — ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & PatternsCWE-862 5.3 Medium2025-10-24
CVE-2025-49903 WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability — ZoloBlocksCWE-862 5.3 Medium2025-10-22
CVE-2025-11536 Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Element Pack – Widgets, Templates & Addons for ElementorCWE-918 5.0 Medium2025-10-20
CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & PatternsCWE-79 6.4 Medium2025-10-01
CVE-2025-60161 WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability — ZoloBlocksCWE-918 5.4 Medium2025-09-26
CVE-2025-58017 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2025-09-22
CVE-2025-58230 WordPress ZoloBlocks plugin <= 2.3.12 - Cross Site Scripting (XSS) vulnerability — ZoloBlocksCWE-79 6.5 Medium2025-09-22
CVE-2025-53210 WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability — ZoloBlocksCWE-98 7.5 High2025-08-20
CVE-2025-8100 Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2025-08-06
CVE-2025-7644 Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio GalleryCWE-79 6.4 Medium2025-07-22
CVE-2025-5944 Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute — Element Pack Elementor Addons and TemplatesCWE-79 6.4 Medium2025-07-03
CVE-2025-46258 WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability — Element Pack ProCWE-862 5.4 Medium2025-06-05
CVE-2025-46257 WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Element Pack ProCWE-352 4.3 Medium2025-06-05
CVE-2025-5292 Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2025-05-31
CVE-2025-2168 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update — Ultimate Store Kit – Addon For WooCommerce, EDD and ElementorCWE-352 4.3 Medium2025-05-01
CVE-2025-1458 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2025-04-26
CVE-2025-1457 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2025-04-19
CVE-2025-39588 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability — Ultimate Store Kit Elementor AddonsCWE-502 9.8 Critical2025-04-17
CVE-2025-32184 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2025-04-04

This page lists every published CVE security advisory associated with bdthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.