Vulnerabilities > Bdthemes > Element Pack > 5.7.2

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-4360 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-08-01 CVE-2024-2455 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
bdthemes CWE-79
5.4
5.4
2024-06-04 CVE-2024-33568 Path Traversal vulnerability in Bdthemes Element Pack
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3.
network
low complexity
bdthemes CWE-22
6.5
6.5