Vulnerabilities > Bdthemes > Element Pack > 5.10.3

DATE CVE VULNERABILITY TITLE RISK
2025-01-08 CVE-2024-12851 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-12-22 CVE-2024-11852 Missing Authorization vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12.
network
low complexity
bdthemes CWE-862
4.3
4.3
2024-12-03 CVE-2024-9058 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4