Element Pack Elementor Addons
bdthemes
Developer
8.3.9
Latest version
100,000
Installations
6 days ago
Last updated
Vulnerability history
0 present
29 fixed
2 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget vulnerability<= 8.3.4Nov 18, 2025
- Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability<= 8.2.5Oct 20, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content vulnerability<= 8.1.5Aug 5, 2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute vulnerability8.0.0Jul 2, 2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.11.2May 30, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.29Apr 25, 2025
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.10.28Apr 19, 2025
- WordPress Element Pack Lite - Addons for Elementor plugin <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.14Jan 7, 2025
- Missing Authorization vulnerability<= 5.10.12Dec 23, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget vulnerability<= 5.10.5Dec 2, 2024
- Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability<= 5.10.2Nov 5, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.10.1Nov 1, 2024
- Cross Site Scripting (XSS) vulnerability<= 5.7.5Sep 30, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets vulnerability<= 5.7.2Aug 13, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag vulnerability<= 5.7.6Aug 9, 2024
- Authenticated (Contributor+) Arbitrary File Read vulnerability<= 5.7.2Aug 9, 2024
- Cross Site Scripting (XSS) vulnerability<= 5.6.11Aug 1, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.6.5Jul 18, 2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 5.6.11Jun 11, 2024
- Form Submission Admin Email Bypass vulnerability<= 5.6.3May 22, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes vulnerability<= 5.6.1May 22, 2024
- Cross Site Scripting (XSS) vulnerability<= 5.6.0Apr 16, 2024
- Sensitive Information Exposure via element_pack_ajax_search vulnerability<= 5.5.6Apr 15, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget vulnerability<= 5.5.3Apr 10, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget vulnerability<= 5.3.2Apr 8, 2024
- SQL Injection vulnerability<= 5.5.3Mar 28, 2024
- Cross Site Scripting (XSS) vulnerability<= 5.5.3Mar 25, 2024
- Broken Access Control on Duplicate Post vulnerability<= 5.4.11Feb 2, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 5.2.0Jul 18, 2023