CVE-2026-4655 | bdthemes Element Pack Plugin up to 8.4.2 on WordPress SVG Image Widget render_svg cross site scripting

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in bdthemes Element Pack Plugin up to 8.4.2 on WordPress. It has been classified as problematic. This affects the function render_svg of the component SVG Image Widget. The manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2026-4655. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.

CVE-2026-4655 | bdthemes Element Pack Plugin up to 8.4.2 on WordPress SVG Image Widget render_svg cross site scripting

Post correlati

CVE-2025-1858 | Codezips Online Shopping Website 1.0 /success.php id sql injection

CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery

CVE-2025-54542 | OpenSolution QuickCMS 6.8 get request method with sensitive query strings

CVE-2025-8257 | Lobby Universe Lobby App up to 2.8.0 on Android com.maverick.lobby AndroidManifest.xml improper export of android application components