Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bdthemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting bdthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by bdthemes:Element Pack – Widgets, Templates & Addons for ElementorPrime Slider – Addons for ElementorUltimate Store Kit Elementor AddonsElement Pack Elementor AddonsZoloBlocksElement Pack ProUltimate Store Kit – Addon For WooCommerce, EDD and ElementorZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & PatternsUltimate Post Kit Addons for ElementorElement Pack Pro - Addon for Elementor Page Builder WordPress PluginInstant Image GeneratorElement Pack Elementor Addons and TemplatesPixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio GallerySpin Wheel – Interactive spinning wheel that offers couponsUltimate Post Kit
CVE IDTitleCVSSSeverityPublished
CVE-2025-24584 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability — Ultimate Store Kit Elementor AddonsCWE-862 4.3 Medium2025-01-27
CVE-2024-12043 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2025-01-23
CVE-2024-12851 Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2025-01-08
CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization — Element Pack – Widgets, Templates & Addons for ElementorCWE-862 4.3 Medium2024-12-22
CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-12-03
CVE-2024-52377 WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability — Instant Image GeneratorCWE-434 10.0 Critical2024-11-14
CVE-2024-8442 Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-11-07
CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2024-11-05
CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.5 Medium2024-11-05
CVE-2024-9868 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2024-11-02
CVE-2024-10310 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-11-02
CVE-2024-47392 WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor AddonsCWE-79 6.5 Medium2024-10-05
CVE-2024-47629 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2024-10-05
CVE-2024-8030 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection — Ultimate Store Kit – Addon For WooCommerce, EDD and ElementorCWE-502 9.8 Critical2024-08-28
CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection — Ultimate Store Kit – Addon For WooCommerce, EDD and ElementorCWE-502 9.8 Critical2024-08-21
CVE-2024-43342 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2024-08-18
CVE-2024-7247 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-13
CVE-2024-4359 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for ElementorCWE-98 6.5 Medium2024-08-09
CVE-2024-4360 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-09
CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-02
CVE-2024-39667 WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor AddonsCWE-79 6.5 Medium2024-08-01
CVE-2024-2455 Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL — Element Pack Pro - Addon for Elementor Page Builder WordPress PluginCWE-79 6.4 Medium2024-08-01
CVE-2024-5555 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-07-18
CVE-2024-5554 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-07-18
CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget — Ultimate Post Kit Addons for ElementorCWE-79 6.4 Medium2024-06-28
CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-06-12
CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-33568 WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability — Element Pack ProCWE-22 8.5 High2024-06-04
CVE-2024-3997 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-05-23
CVE-2024-3926 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-05-22

This page lists every published CVE security advisory associated with bdthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.