Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)

Information

Software Type Plugin
Software Slug bdthemes-prime-slider-lite (view on wordpress.org)
Software Status Active
Software Author bdthemes
Software Website primeslider.pro
Software Downloads 2,237,286
Software Active Installs 100,000
Software Record Last Updated April 27, 2024

10 Vulnerabilities

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
5.4
CVE-2024-1730
Apr 19, 2024
Researcher: Webbernaut
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal
5.3
CVE-2024-32682
Apr 17, 2024
Researcher: Rafie Muhammad
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization
3.1
CVE-2024-32681
Apr 17, 2024
Researcher: Rafie Muhammad
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title
6.4
CVE-2024-30186
Mar 25, 2024
Researcher: Abu Hurayra
Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget
6.4
CVE-2024-1507
Mar 12, 2024
Researcher: Nikolas
Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget
6.4
CVE-2024-1508
Mar 12, 2024
Researcher: RandomRoot
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget
6.4
CVE-2024-1506
Mar 6, 2024
Researcher: wesley (wcraft)
Prime Slider – Addons For Elementor <= 3.11.10 - Incorrect Authorization via bdt_duplicate_as_draft
5.4
CVE-2024-24883
Feb 5, 2024
Researcher: Abu Hurayra
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get
6.1
CVE-2023-33999
Jul 18, 2023
Researcher: Rafie Muhammad
Freemius SDK <= 2.4.2 - Missing Authorization Checks
6.3
CVE ID Unknown
Mar 4, 2022
Researchers:
Title CVE ID CVSS Researchers Date
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1730 5.4 Webbernaut April 19, 2024
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal CVE-2024-32682 5.3 Rafie Muhammad April 17, 2024
Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization CVE-2024-32681 3.1 Rafie Muhammad April 17, 2024
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title CVE-2024-30186 6.4 Abu Hurayra March 25, 2024
Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget CVE-2024-1507 6.4 Nikolas March 12, 2024
Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget CVE-2024-1508 6.4 RandomRoot March 12, 2024
Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget CVE-2024-1506 6.4 wesley (wcraft) March 6, 2024
Prime Slider – Addons For Elementor <= 3.11.10 - Incorrect Authorization via bdt_duplicate_as_draft CVE-2024-24883 5.4 Abu Hurayra February 5, 2024
Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get CVE-2023-33999 6.1 Rafie Muhammad July 18, 2023
Freemius SDK <= 2.4.2 - Missing Authorization Checks 6.3 March 4, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation