Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bdthemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting bdthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bdthemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.

Top products by bdthemes: Element Pack – Widgets, Templates & Addons for Elementor Prime Slider – Addons for Elementor Ultimate Store Kit Elementor Addons Element Pack Elementor Addons ZoloBlocks Element Pack Pro Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns Ultimate Post Kit Addons for Elementor Element Pack Pro - Addon for Elementor Page Builder WordPress Plugin Instant Image Generator Element Pack Elementor Addons and Templates Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery Spin Wheel – Interactive spinning wheel that offers coupons Ultimate Post Kit
CVE IDTitleCVSSSeverityPublished
CVE-2025-24584 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability — Ultimate Store Kit Elementor AddonsCWE-862 4.3 Medium2025-01-27
CVE-2024-12043 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2025-01-23
CVE-2024-12851 Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2025-01-08
CVE-2024-11852 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization — Element Pack – Widgets, Templates & Addons for ElementorCWE-862 4.3 Medium2024-12-22
CVE-2024-9058 Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-12-03
CVE-2024-52377 WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability — Instant Image GeneratorCWE-434 10.0 Critical2024-11-14
CVE-2024-8442 Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-11-07
CVE-2024-9867 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2024-11-05
CVE-2024-9657 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.5 Medium2024-11-05
CVE-2024-9868 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 5.4 Medium2024-11-02
CVE-2024-10310 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-11-02
CVE-2024-47392 WordPress Element Pack Elementor Addons plugin <= 5.7.5 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor AddonsCWE-79 6.5 Medium2024-10-05
CVE-2024-47629 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2024-10-05
CVE-2024-8030 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection — Ultimate Store Kit – Addon For WooCommerce, EDD and ElementorCWE-502 9.8 Critical2024-08-28
CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection — Ultimate Store Kit – Addon For WooCommerce, EDD and ElementorCWE-502 9.8 Critical2024-08-21
CVE-2024-43342 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability — Ultimate Store Kit Elementor AddonsCWE-79 6.5 Medium2024-08-18
CVE-2024-7247 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-13
CVE-2024-4359 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for ElementorCWE-98 6.5 Medium2024-08-09
CVE-2024-4360 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-09
CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-08-02
CVE-2024-39667 WordPress Element Pack Elementor Addons plugin <= 5.6.11 - Cross Site Scripting (XSS) vulnerability — Element Pack Elementor AddonsCWE-79 6.5 Medium2024-08-01
CVE-2024-2455 Element Pack - Addon for Elementor Page Builder WordPress Plugin <= 7.9.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link URL — Element Pack Pro - Addon for Elementor Page Builder WordPress PluginCWE-79 6.4 Medium2024-08-01
CVE-2024-5555 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-07-18
CVE-2024-5554 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-07-18
CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget — Ultimate Post Kit Addons for ElementorCWE-79 6.4 Medium2024-06-28
CVE-2024-3925 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-06-12
CVE-2024-5640 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-06-07
CVE-2024-33568 WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability — Element Pack ProCWE-22 8.5 High2024-06-04
CVE-2024-3997 Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget — Prime Slider – Addons for ElementorCWE-79 6.4 Medium2024-05-23
CVE-2024-3926 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes — Element Pack – Widgets, Templates & Addons for ElementorCWE-79 6.4 Medium2024-05-22

This page lists every published CVE security advisory associated with bdthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.