GCVE - cpe:2.3:a:bdthemes:prime_slider:*:*:*:*:pro:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bdthemes:prime_slider:*:*:*:*:pro:wordpress:*:*

part: a version: * update: *

Vendor	Bdthemes (`5429b37a-0acd-5ad1-805d-fa178e11cdda`)
Product	Prime Slider (`f66a2c59-1b7b-5263-a798-784812c52204`)
Edition	*
Language	*
Software edition	pro
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/common-repository/bdthemes-prime-slider-lite`	purl2cpe	2026-06-01 10:16:57.622073

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3997`	vulnerable	2026-06-03 14:56:32.638393	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pagepiling Widget MEDIUM (6.4) The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-05-23T11:02:38.420Z Updated: 2026-04-08T17:05:03.140Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/8736fb91-d05c-4f7e-81ff-00dfa44961f5?source=cve https://plugins.trac.wordpress.org/changeset/3074395	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1730`	vulnerable	2026-06-03 14:54:34.425087	Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (5.4) The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-04-20T03:21:17.632Z Updated: 2026-04-08T17:29:55.428Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a2ed81-254e-460c-b3a4-0cb38e089142?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3072100%40bdthemes-prime-slider-lite&new=3072100%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1508`	vulnerable	2026-06-03 14:54:27.153168	Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget MEDIUM (6.4) The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-03-13T13:52:12.286Z Updated: 2026-04-08T17:02:56.586Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=cve https://plugins.trac.wordpress.org/changeset/3047591/bdthemes-prime-slider-lite	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1507`	vulnerable	2026-06-03 14:54:27.152728	Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget MEDIUM (6.4) The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-03-13T13:52:11.656Z Updated: 2026-04-08T16:34:33.961Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048521%40bdthemes-prime-slider-lite&new=3048521%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=#file3	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.