Description
Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.
Published: 2026-01-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Cross‑Site Request Forgery flaw found in the bdthemes Element Pack Elementor Addons plugin for WordPress. The flaw allows an attacker to force a logged‑in user to perform actions that the user did not intend, by crafting a request that the plugin will accept as legitimate. The vulnerability does not specify that it enables arbitrary code execution or file uploads; it simply permits unauthorized actions that the authenticated user could perform.

Affected Systems

The bdthemes Element Pack Elementor Addons plugin, including the element‑pack-lite variant, is vulnerable in all releases up to and including version 8.3.13 on WordPress sites.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, while the EPSS score of less than 1% shows a very low probability of exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation requires the attacker to get the victim to visit a specially crafted URL or otherwise submit a forged request while authenticated, implying that valid user interaction is necessary for the attack to succeed.

Generated by OpenCVE AI on May 1, 2026 at 05:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the bdthemes Element Pack Elementor Addons plugin to the latest available version, which corrects the CSRF issue.
  • If an immediate update is not possible, disable or uninstall the plugin to prevent the exploitation of the flaw.
  • Monitor official bdthemes sources and the vendor’s security advisories for any new patches or security notices related to this plugin.

Generated by OpenCVE AI on May 1, 2026 at 05:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 26 Jan 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Bdthemes
Bdthemes element Pack Elementor Addons
Wordpress
Wordpress wordpress
Vendors & Products Bdthemes
Bdthemes element Pack Elementor Addons
Wordpress
Wordpress wordpress

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.
Title WordPress Element Pack Elementor Addons plugin <= 8.3.13 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References

Subscriptions

Bdthemes Element Pack Elementor Addons
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:06.898Z

Reserved: 2025-03-28T10:59:52.731Z

Link: CVE-2025-31413

cve-icon Vulnrichment

Updated: 2026-01-26T22:02:08.068Z

cve-icon NVD

Status : Deferred

Published: 2026-01-22T17:15:54.130

Modified: 2026-04-27T16:16:27.440

Link: CVE-2025-31413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T06:00:13Z

Weaknesses