Element Pack Elementor Addons
bdthemes
Developer
8.5.1
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
36 patched
2 Mitigation rules
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget vulnerability<= 5.10.103/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget vulnerability<= 5.6.002/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget vulnerability<= 5.6.002/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.6.1102/02/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget vulnerability<= 5.10.202/02/2026
- Contributor+ Stored XSS vulnerability< 5.10.330/01/2026
- Cross Site Request Forgery (CSRF) vulnerability<= 8.3.1316/01/2026
- Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability<= 8.3.418/11/2025
- Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability<= 8.2.520/10/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability<= 8.1.505/08/2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute vulnerability8.0.002/07/2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.11.230/05/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.2925/04/2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.10.2819/04/2025
- WordPress Element Pack Lite - Addons for Elementor plugin <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.1407/01/2025
- Missing Authorization vulnerability<= 5.10.1223/12/2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability<= 5.10.502/12/2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.10.205/11/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.101/11/2024
- Cross Site Scripting (XSS) vulnerability<= 5.7.530/09/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets vulnerability<= 5.7.213/08/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag vulnerability<= 5.7.609/08/2024
- Authenticated (Contributor+) Arbitrary File Read vulnerability<= 5.7.209/08/2024
- Cross Site Scripting (XSS) vulnerability<= 5.6.1101/08/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.6.518/07/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 5.6.1111/06/2024
- Form Submission Admin Email Bypass vulnerability<= 5.6.322/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes vulnerability<= 5.6.122/05/2024
- Cross Site Scripting (XSS) vulnerability<= 5.6.016/04/2024
- Sensitive Information Exposure via element_pack_ajax_search vulnerability<= 5.5.615/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget vulnerability<= 5.5.310/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget vulnerability<= 5.3.208/04/2024
- SQL Injection vulnerability<= 5.5.328/03/2024
- Cross Site Scripting (XSS) vulnerability<= 5.5.325/03/2024
- Broken Access Control on Duplicate Post vulnerability<= 5.4.1102/02/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 5.2.018/07/2023