Description
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Published: 2025-10-20
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Blind Server‑Side Request Forgery
Action: Patch Immediately
AI Analysis

Impact

The Element Pack Addons for Elementor plugin contains a blind server‑side request forgery flaw that allows authenticated users with Subscriber level or higher to direct the application to make HTTP requests to arbitrary hosts. Because the requests are made from the web server’s environment, the attacker can interact with internal networks that are otherwise inaccessible from the outside. The flaw can lead to data leaks, unauthorized changes to internal services, or further exploitation such as privilege escalation. The weakness is classified as CWE‑918.

Affected Systems

bdthemes Element Pack – Widgets, Templates & Addons for Elementor, versions up to 8.2.5

Risk and Exploitability

The CVSS score of 5 indicates moderate potential for impact, while an EPSS score under 1% suggests a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers must already be authenticated as a Subscriber or higher in the WordPress site and then invoke the import template action to send forged requests from the host.

Generated by OpenCVE AI on April 22, 2026 at 12:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Element Pack – Widgets, Templates & Addons for Elementor to version 8.2.6 or later to eliminate the SSRF flaw.
  • Disable or restrict access to the wp_ajax_import_elementor_template action for users with only Subscriber-level permissions.
  • Introduce network segmentation or firewall rules to block outgoing requests from the web server to internal services that should remain inaccessible.

Generated by OpenCVE AI on April 22, 2026 at 12:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 21 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Bdthemes
Bdthemes element Pack
Bdthemes element Pack Elementor Addons
Element Pack Elementor Addons Wordpress
Element Pack Elementor Addons Wordpress element Pack Elementor Addons Wordpress
Wordpress
Wordpress wordpress
Vendors & Products Bdthemes
Bdthemes element Pack
Bdthemes element Pack Elementor Addons
Element Pack Elementor Addons Wordpress
Element Pack Elementor Addons Wordpress element Pack Elementor Addons Wordpress
Wordpress
Wordpress wordpress

Mon, 20 Oct 2025 21:45:00 +0000

Type Values Removed Values Added
Description The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Title Element Pack Addons for Elementor <= 8.2.5 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Bdthemes Element Pack Element Pack Elementor Addons
Element Pack Elementor Addons Wordpress Element Pack Elementor Addons Wordpress
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:10:32.363Z

Reserved: 2025-10-08T22:16:18.680Z

Link: CVE-2025-11536

cve-icon Vulnrichment

Updated: 2025-10-21T13:43:09.434Z

cve-icon NVD

Status : Deferred

Published: 2025-10-20T22:15:36.727

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11536

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T12:45:17Z

Weaknesses