
bdthemes — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting bdthemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bdthemes operates as a developer of WordPress themes and plugins, primarily targeting the e-commerce and lifestyle sectors. Security audits have identified eighty-one Common Vulnerabilities and Exposures (CVEs) associated with its portfolio, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of privilege escalation and broken access control have been documented, allowing unauthorized users to manipulate administrative functions or access sensitive files. These flaws frequently arise from outdated libraries and a lack of rigorous security testing during the development lifecycle. While some issues have been patched in subsequent updates, the high volume of recorded CVEs suggests that security remains a secondary priority compared to feature deployment, posing significant risks to sites relying on these components.

Found 29 results / 81
| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-4655 | Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-1793 | Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for Elementor | CWE-22 | 6.5 | Medium | 2026-02-15 |
| CVE-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2025-11-18 |
| CVE-2025-11536 | Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery — Element Pack – Widgets, Templates & Addons for Elementor | CWE-918 | 5.0 | Medium | 2025-10-20 |
| CVE-2025-8100 | Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2025-08-06 |
| CVE-2025-5292 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-05-31 |
| CVE-2025-1458 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-04-26 |
| CVE-2025-1457 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-04-19 |
| CVE-2024-12851 | Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2025-01-08 |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization — Element Pack – Widgets, Templates & Addons for Elementor | CWE-862 | 4.3 | Medium | 2024-12-22 |
| CVE-2024-9058 | Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-12-03 |
| CVE-2024-9867 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2024-11-05 |
| CVE-2024-9657 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.5 | Medium | 2024-11-05 |
| CVE-2024-9868 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 5.4 | Medium | 2024-11-02 |
| CVE-2024-10310 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-11-02 |
| CVE-2024-7247 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-08-13 |
| CVE-2024-4359 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read — Element Pack – Widgets, Templates & Addons for Elementor | CWE-98 | 6.5 | Medium | 2024-08-09 |
| CVE-2024-4360 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-08-09 |
| CVE-2024-4643 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-08-02 |
| CVE-2024-5555 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-07-18 |
| CVE-2024-5554 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-07-18 |
| CVE-2024-3925 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-06-12 |
| CVE-2024-3926 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-05-22 |
| CVE-2024-3927 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass — Element Pack – Widgets, Templates & Addons for Elementor | CWE-424 | 5.3 | Medium | 2024-05-22 |
| CVE-2024-1429 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-04-18 |
| CVE-2024-1426 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-04-18 |
| CVE-2024-2966 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search — Element Pack – Widgets, Templates & Addons for Elementor | CWE-200 | 5.3 | Medium | 2024-04-11 |
| CVE-2024-0837 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-04-06 |
| CVE-2024-1428 | Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget — Element Pack – Widgets, Templates & Addons for Elementor | CWE-79 | 6.4 | Medium | 2024-04-06 |

This page lists every published CVE security advisory associated with bdthemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.