BdThemes — Vulnerabilities & Security Advisories (81)

Browse all 81 CVE security advisories affecting BdThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BdThemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-3927 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass — Element Pack – Widgets, Templates & Addons for Elementor (CWE-424) | 5.3 | Medium | 2024-05-22 |
| CVE-2024-4339 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-05-09 |
| CVE-2024-4606 | WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability — Ultimate Store Kit Elementor Addons (CWE-502) | 5.4 | Medium | 2024-05-09 |
| CVE-2024-32681 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability — Prime Slider – Addons For Elementor (CWE-862) | 4.3 | Medium | 2024-04-22 |
| CVE-2024-32682 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability — Prime Slider – Addons For Elementor (CWE-862) | 7.1 | High | 2024-04-22 |
| CVE-2024-1730 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for Elementor (CWE-79) | 5.4 | Medium | 2024-04-20 |
| CVE-2024-32572 | WordPress Element Pack Elementor Addons plugin <= 5.6.0 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor Addons (CWE-79) | 6.5 | Medium | 2024-04-18 |
| CVE-2024-1426 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget — Element Pack – Widgets, Templates & Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-04-18 |
| CVE-2024-1429 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget — Element Pack – Widgets, Templates & Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-04-18 |
| CVE-2024-2966 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search — Element Pack – Widgets, Templates & Addons for Elementor (CWE-200) | 5.3 | Medium | 2024-04-11 |
| CVE-2024-31357 | WordPress Ultimate Store Kit Elementor Addons plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor Addons (CWE-79) | 6.5 | Medium | 2024-04-08 |
| CVE-2024-0837 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget — Element Pack – Widgets, Templates & Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-04-06 |
| CVE-2024-1428 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget — Element Pack – Widgets, Templates & Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-04-06 |
| CVE-2024-30496 | WordPress Element Pack Lite plugin <= 5.5.3 - SQL Injection vulnerability — Element Pack Elementor Addons (CWE-89) | 8.5 | High | 2024-03-29 |
| CVE-2024-30186 | WordPress Prime Slider plugin <= 3.13.1 - Cross Site Scripting (XSS) vulnerability — Prime Slider – Addons For Elementor (CWE-79) | 6.5 | Medium | 2024-03-27 |
| CVE-2024-30185 | WordPress Element Pack Elementor Addons plugin <= 5.5.3 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor Addons (CWE-79) | 6.5 | Medium | 2024-03-27 |
| CVE-2024-24840 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability — Element Pack Elementor Addons (CWE-862) | 4.3 | Medium | 2024-03-23 |
| CVE-2024-24883 | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability — Prime Slider – Addons For Elementor (CWE-862) | 4.3 | Medium | 2024-03-21 |
| CVE-2024-1507 | Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget — Prime Slider – Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1508 | Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget — Prime Slider – Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1506 | Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget — Prime Slider – Addons for Elementor (CWE-79) | 6.4 | Medium | 2024-03-07 |

This page lists every published CVE security advisory associated with BdThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.