Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

BdThemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting BdThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bdthemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.

Found 16 results / 81Clear Filters
Top products by BdThemes: Element Pack – Widgets, Templates & Addons for Elementor Prime Slider – Addons for Elementor Ultimate Store Kit Elementor Addons Element Pack Elementor Addons ZoloBlocks Element Pack Pro Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns Ultimate Post Kit Addons for Elementor Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin Instant Image Generator Element Pack Elementor Addons and Templates Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Spin Wheel – Interactive spinning wheel that offers coupons Ultimate Post Kit
CVE IDTitleCVSSSeverityPublished
CVE-2026-4341 Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2026-04-08
CVE-2025-68500 WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For ElementorCWE-918 4.9 Medium2025-12-24
CVE-2025-14277 Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery — Prime Slider – Addons for ElementorCWE-918 4.3 Medium2025-12-18
CVE-2024-12043 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2025-01-23
CVE-2024-8442 Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-11-07
CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-3997 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-05-23
CVE-2024-4339 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-05-09
CVE-2024-32681 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability — Prime Slider – Addons For ElementorCWE-862 4.3 Medium2024-04-22
CVE-2024-32682 WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability — Prime Slider – Addons For ElementorCWE-862 7.1 High2024-04-22
CVE-2024-1730 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for ElementorCWE-79 5.4 Medium2024-04-20
CVE-2024-30186 WordPress Prime Slider plugin <= 3.13.1 - Cross Site Scripting (XSS) vulnerability — Prime Slider – Addons For ElementorCWE-79 6.5 Medium2024-03-27
CVE-2024-24883 WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability — Prime Slider – Addons For ElementorCWE-862 4.3 Medium2024-03-21
CVE-2024-1507 Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-1508 Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-03-13
CVE-2024-1506 Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-03-07

This page lists every published CVE security advisory associated with BdThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.