Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization

Wordfence Intelligence > Vulnerability Database > Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization

3.1

Missing Authorization

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CVE	CVE-2024-32681
CVSS	3.1 (Low)
Publicly Published	April 17, 2024
Last Updated	April 23, 2024
Researcher	Rafie Muhammad - Awesome Motive, Inc.

Description

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dci_sdk_insights, dci_sdk_dismiss_notice, and rc_sdk_dismiss_notice functions in versions up to, and including, 3.13.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices.

References

Vulnerability Details for Prime Slider Addons for Elementor

Prime Slider Addons for Elementor

Software Type	Plugin
Software Slug	bdthemes-prime-slider-lite (view on wordpress.org)
Patched?	Yes
Remediation	Update to version 3.13.3, or a newer patched version
Affected Version	<= 3.13.2
Patched Version	3.13.3

Recent vulnerabilities in Prime Slider Addons for Elementor

Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter

6.4

CVE-2026-4341

Apr 7, 2026

Researchers: Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777)

Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery

4.3

CVE-2025-14277

Dec 17, 2025

Researcher: Deadbee

Prime Slider – Addons For Elementor <= 4.0.10 - Authenticated (Subscriber+) Server-Side Request Forgery

6.4

CVE-2025-68500

Dec 13, 2025

Researcher: NumeX

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-12043

Jan 22, 2025

Researcher: zer0gh0st

Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget

6.4

CVE-2024-8442

Nov 6, 2024

Researcher: Robert DeVore

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget

6.4

CVE-2024-5640

Jun 6, 2024

Researcher: wesley (wcraft)

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget

6.4

CVE-2024-3997

May 22, 2024

Researcher: Ngô Thiên An (ancorn_)

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-4339

May 7, 2024

Researcher: Ngô Thiên An (ancorn_)

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

5.4

CVE-2024-1730

Apr 19, 2024

Researcher: Webbernaut

Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal

5.3

CVE-2024-32682

Apr 17, 2024

Researcher: Rafie Muhammad

#	Title	CVE ID	CVSS	Researchers	Date
1	Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter	CVE-2026-4341	6.4	Athiwat Tiprasaharn (Jitlada), Itthidej Aramsri (Boeing777)	April 7, 2026
2	Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery	CVE-2025-14277	4.3	Deadbee	December 17, 2025
3	Prime Slider – Addons For Elementor <= 4.0.10 - Authenticated (Subscriber+) Server-Side Request Forgery	CVE-2025-68500	6.4	NumeX	December 13, 2025
4	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-12043	6.4	zer0gh0st	January 22, 2025
5	Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget	CVE-2024-8442	6.4	Robert DeVore	November 6, 2024
6	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget	CVE-2024-5640	6.4	wesley (wcraft)	June 6, 2024
7	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget	CVE-2024-3997	6.4	Ngô Thiên An (ancorn_)	May 22, 2024
8	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-4339	6.4	Ngô Thiên An (ancorn_)	May 7, 2024
9	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-1730	5.4	Webbernaut	April 19, 2024
10	Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal	CVE-2024-32682	5.3	Rafie Muhammad	April 17, 2024

View more vulnerabilities in this software package View more vulnerabilities

This record contains material that is subject to copyright.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more.

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more.

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation