Description
Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
Published: 2025-06-05
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a CSRF flaw that allows an attacker to trigger authenticated requests in a WordPress site using the Element Pack Pro plugin. It is classified as CWE‑352 and has a CVSS score of 4.3, indicating moderate severity.

Affected Systems

BdThemes Element Pack Pro plugin versions prior to 8.0.0 on WordPress sites are affected. Sites running any earlier or unspecified version are vulnerable until the upgrade to 8.0.0 or later.

Risk and Exploitability

The EPSS score of < 1% shows a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV, so there are no known large‑scale exploits. An attacker would need to trick a logged‑in user into visiting a crafted URL or form to trigger an authorized action, implying that the attack surface is limited to users who have access to the plugin’s authenticated endpoints.

Generated by OpenCVE AI on May 1, 2026 at 08:00 UTC.

Remediation

Vendor Solution

Update the WordPress Element Pack Pro wordpress plugin to the latest available version (at least 8.0.0).

OpenCVE Recommended Actions

  • Update the BdThemes Element Pack Pro plugin to version 8.0.0 or later
  • Review WordPress plugin update settings to automate future patching
  • If upgrade is not immediately possible, restrict access to the plugin’s administrative pages or disable the plugin until a patch is available

Generated by OpenCVE AI on May 1, 2026 at 08:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17011 Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro bdthemes-element-pack allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a through < 8.0.0. Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0. Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro bdthemes-element-pack allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a through < 8.0.0.
References

Thu, 05 Jun 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Jun 2025 17:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
Title WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:37.097Z

Reserved: 2025-04-22T09:21:51.395Z

Link: CVE-2025-46257

cve-icon Vulnrichment

Updated: 2025-06-05T17:52:55.435Z

cve-icon NVD

Status : Deferred

Published: 2025-06-05T18:15:21.753

Modified: 2026-04-28T19:32:10.907

Link: CVE-2025-46257

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:00:13Z

Weaknesses