bdthemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting bdthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bdthemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40745 | WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability — Element Pack Elementor Addons | CWE-89 | 7.6 | High | 2026-04-15 |
| CVE-2026-4655 | Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4341 | Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter — Prime Slider – Addons for Elementor | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-24362 | WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability — Ultimate Post Kit | CWE-862 | 6.4 | Medium | 2026-03-25 |
| CVE-2026-1793 | Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for Elementor | CWE-22 | 6.5 | Medium | 2026-02-15 |
| CVE-2025-31413 | WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability — Element Pack Elementor Addons | CWE-352 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-0808 | Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter — Spin Wheel – Interactive spinning wheel that offers coupons | CWE-602 | 5.3 | Medium | 2026-01-17 |
| CVE-2025-69336 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability — Ultimate Store Kit Elementor Addons | CWE-862 | 4.3 | Medium | 2026-01-06 |
| CVE-2025-68500 | WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability — Prime Slider – Addons For Elementor | CWE-918 | 4.9 | Medium | 2025-12-24 |
| CVE-2025-14277 | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery — Prime Slider – Addons for Elementor | CWE-918 | 4.3 | Medium | 2025-12-18 |
| CVE-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2025-11-18 |
| CVE-2025-12134 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable — ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | CWE-862 | 5.3 | Medium | 2025-10-24 |
| CVE-2025-49903 | WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability — ZoloBlocks | CWE-862 | 5.3 | Medium | 2025-10-22 |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Element Pack – Widgets, Templates & Addons for Elementor | CWE-918 | 5.0 | Medium | 2025-10-20 |
| CVE-2025-9075 | ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns | CWE-79 | 6.4 | Medium | 2025-10-01 |
| CVE-2025-60161 | WordPress ZoloBlocks Plugin <= 2.3.11 - Server Side Request Forgery (SSRF) Vulnerability — ZoloBlocks | CWE-918 | 5.4 | Medium | 2025-09-26 |
| CVE-2025-58017 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.8.6 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor Addons | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-58230 | WordPress ZoloBlocks plugin <= 2.3.12 - Cross Site Scripting (XSS) vulnerability — ZoloBlocks | CWE-79 | 6.5 | Medium | 2025-09-22 |
| CVE-2025-53210 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability — ZoloBlocks | CWE-98 | 7.5 | High | 2025-08-20 |
| CVE-2025-8100 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2025-08-06 |
| CVE-2025-7644 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | CWE-79 | 6.4 | Medium | 2025-07-22 |
| CVE-2025-5944 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute — Element Pack Elementor Addons and Templates | CWE-79 | 6.4 | Medium | 2025-07-03 |
| CVE-2025-46258 | WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability — Element Pack Pro | CWE-862 | 5.4 | Medium | 2025-06-05 |
| CVE-2025-46257 | WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Element Pack Pro | CWE-352 | 4.3 | Medium | 2025-06-05 |
| CVE-2025-5292 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-05-31 |
| CVE-2025-2168 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.4.1 - Cross-Site Request Forgery to Limited User Meta Update — Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | CWE-352 | 4.3 | Medium | 2025-05-01 |
| CVE-2025-1458 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-04-26 |
| CVE-2025-1457 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-04-19 |
| CVE-2025-39588 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data Vulnerability — Ultimate Store Kit Elementor Addons | CWE-502 | 9.8 | Critical | 2025-04-17 |
| CVE-2025-32184 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor Addons | CWE-79 | 6.5 | Medium | 2025-04-04 |

This page lists every published CVE security advisory associated with bdthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.