Vulnerabilities > Bdthemes > Element Pack > 5.6.13

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-4360 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-08-02 CVE-2024-4643 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘end_redirect_link’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
5.4