Vulnerabilities in bdthemes
84 resultsCVE-2025-8100MEDIUMElement Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker ContentEPSS 3.1%CVE-2024-8030CRITICALUltimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2024-5335CRITICALUltimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object InjectionEPSS 0.9%CVE-2024-30496HIGHWordPress Element Pack Lite plugin <= 5.5.3 - SQL Injection vulnerabilityEPSS 0.6%CVE-2024-33568HIGHWordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerabilityEPSS 0.5%CVE-2024-32682HIGHWordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-4359MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File ReadEPSS 0.5%CVE-2024-5555MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.5%CVE-2024-52377CRITICALWordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerabilityEPSS 0.5%CVE-2024-2966MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_searchEPSS 0.5%CVE-2025-53210HIGHWordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion VulnerabilityEPSS 0.5%CVE-2024-7247MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown WidgetsEPSS 0.5%CVE-2024-4360MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tagEPSS 0.4%CVE-2024-1507MEDIUMPrime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix WidgetEPSS 0.4%CVE-2024-1428MEDIUMElement Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box WidgetEPSS 0.4%CVE-2024-3927MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email BypassEPSS 0.4%CVE-2022-4974MEDIUMFreemius SDK <= 2.4.2 - Missing Authorization ChecksEPSS 0.4%CVE-2025-39588CRITICALWordPress Ultimate Store Kit Elementor Addons plugin <= 2.4.0 - Deserialization of untrusted data VulnerabilityEPSS 0.4%CVE-2026-40721HIGHWordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerabilityEPSS 0.4%CVE-2024-5662MEDIUMUltimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) WidgetEPSS 0.4%