Element Pack – Widgets, Templates & Addons for Elementor

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Element Pack – Widgets, Templates & Addons for Elementor

Information

Software Type	Plugin
Software Slug	bdthemes-element-pack-lite (view on wordpress.org)
Software Status	Active
Software Author	bdthemes
Software Website	elementpack.pro
Software Downloads	6,004,382
Software Active Installs	100,000
Software Record Last Updated	June 18, 2026

Showing 1-20 of 38 Vulnerabilities

Submit a Vulnerability

Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget

6.4

CVE-2026-4655

Apr 7, 2026

Researcher: Webbernaut

Element Pack Elementor Addons <= 8.4.2 - Authenticated (Editor+) SQL Injection

4.9

CVE-2026-40745

Mar 23, 2026

Researcher: daroo

Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

6.5

CVE-2026-1793

Feb 14, 2026

Researcher: Chiao-Lin Yu (Steven Meow)

Element Pack Elementor Addons <= 8.3.13 - Cross-Site Request Forgery

4.3

CVE-2025-31413

Jan 16, 2026

Researcher: Arif Shaikh

Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget

5.4

CVE-2025-13196

Nov 17, 2025

Researcher: zer0gh0st

Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery

5.0

CVE-2025-11536

Oct 20, 2025

Researcher: LionTree

Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content

5.4

CVE-2025-8100

Aug 5, 2025

Researcher: zer0gh0st

Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute

6.4

CVE-2025-5944

Jul 2, 2025

Researcher: Webbernaut

Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4

CVE-2025-5292

May 30, 2025

Researcher: Robert DeVore

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2025-1458

Apr 25, 2025

Researcher: zer0gh0st

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.4

CVE-2025-1457

Apr 18, 2025

Researcher: Webbernaut

Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-12851

Jan 7, 2025

Researcher: zer0gh0st

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization

4.3

CVE-2024-11852

Dec 21, 2024

Researchers: Tieu Pham Trong Nhan, incognito

Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget

6.4

CVE-2024-9058

Dec 2, 2024

Researcher: zer0gh0st

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Cookie Consent'

6.4

CVE-2024-10980

Nov 14, 2024

Researcher: Dmitrii Ignatyev

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-10493

Nov 7, 2024

Researcher: Dmitrii Ignatyev

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget

5.4

CVE-2024-9867

Nov 4, 2024

Researcher: zer0gh0st

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

6.5

CVE-2024-9657

Nov 4, 2024

Researcher: Webbernaut

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget

6.4

CVE-2024-10310

Nov 1, 2024

Researcher: zer0gh0st

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate

5.4

CVE-2024-9868

Nov 1, 2024

Researcher: zer0gh0st

Title	Status	CVE ID	CVSS	Researchers	Date
Element Pack Addons for Elementor <= 8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Image Widget	Patched	CVE-2026-4655	6.4	Webbernaut	April 7, 2026
Element Pack Elementor Addons <= 8.4.2 - Authenticated (Editor+) SQL Injection	Patched	CVE-2026-40745	4.9	daroo	March 23, 2026
Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read	Patched	CVE-2026-1793	6.5	Chiao-Lin Yu (Steven Meow)	February 14, 2026
Element Pack Elementor Addons <= 8.3.13 - Cross-Site Request Forgery	Patched	CVE-2025-31413	4.3	Arif Shaikh	January 16, 2026
Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget	Patched	CVE-2025-13196	5.4	zer0gh0st	November 17, 2025
Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery	Patched	CVE-2025-11536	5.0	LionTree	October 20, 2025
Element Pack Elementor Addons and Templates <= 8.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map Widget Marker Content	Patched	CVE-2025-8100	5.4	zer0gh0st	August 5, 2025
Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute	Patched	CVE-2025-5944	6.4	Webbernaut	July 2, 2025
Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	Patched	CVE-2025-5292	6.4	Robert DeVore	May 30, 2025
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2025-1458	6.4	zer0gh0st	April 25, 2025
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	Patched	CVE-2025-1457	6.4	Webbernaut	April 18, 2025
Element Pack Lite - Addons for Elementor <= 5.10.14 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-12851	6.4	zer0gh0st	January 7, 2025
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing Authorization	Patched	CVE-2024-11852	4.3	Tieu Pham Trong Nhan, incognito	December 21, 2024
Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget	Patched	CVE-2024-9058	6.4	zer0gh0st	December 2, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Cookie Consent'	Patched	CVE-2024-10980	6.4	Dmitrii Ignatyev	November 14, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2024-10493	6.4	Dmitrii Ignatyev	November 7, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Map Widget	Patched	CVE-2024-9867	5.4	zer0gh0st	November 4, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting	Patched	CVE-2024-9657	6.5	Webbernaut	November 4, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Custom Gallery Widget	Patched	CVE-2024-10310	6.4	zer0gh0st	November 1, 2024
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate	Patched	CVE-2024-9868	5.4	zer0gh0st	November 1, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation