Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)

Information

Software Type Plugin
Software Slug bdthemes-element-pack-lite (view on wordpress.org)
Software Status Active
Software Author bdthemes
Software Website elementpack.pro
Software Downloads 3,429,092
Software Active Installs 100,000
Software Record Last Updated December 22, 2024

Showing 1-20 of 26 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization Patched CVE-2024-11852 4.3 Tieu Pham Trong Nhan, incognito December 21, 2024
Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget Patched CVE-2024-9058 6.4 zer0gh0st December 2, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Cookie Consent' Patched CVE-2024-10980 6.4 Dmitrii Ignatyev November 14, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-10493 6.4 Dmitrii Ignatyev November 7, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+ Stored Cross-Site Scripting via Open Map Widget Patched CVE-2024-9867 5.4 zer0gh0st November 4, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting Patched CVE-2024-9657 6.5 Webbernaut November 4, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget Patched CVE-2024-10310 6.4 zer0gh0st November 1, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate Patched CVE-2024-9868 5.4 zer0gh0st November 1, 2024
Element Pack Elementor Addons <= 5.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-47392 6.4 Robert DeVore September 30, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets Patched CVE-2024-7247 6.4 Webbernaut August 12, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read Patched CVE-2024-4359 6.5 Webbernaut August 8, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Patched CVE-2024-4360 6.4 Ngô Thiên An (ancorn_) August 8, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-4643 6.4 Webbernaut August 1, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-5555 6.4 João Pedro Soares de Alcântara July 17, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-5554 6.4 wesley (wcraft) July 17, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events Patched CVE-2024-3925 6.4 Ngô Thiên An (ancorn_) June 11, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom_attributes Patched CVE-2024-3926 6.4 wesley (wcraft) May 21, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass Patched CVE-2024-3927 5.3 Ngô Thiên An (ancorn_) May 21, 2024
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget Patched CVE-2024-1429 6.4 RandomRoot April 17, 2024
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget Patched CVE-2024-1426 6.4 wesley (wcraft) April 17, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation