Cross-Site Request Forgery Vulnerability in BdThemes Element Pack Pro
CVE-2025-46257

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Element Pack Pro
Vendor: CVE Published:; 5 June 2025

What is CVE-2025-46257?

BdThemes Element Pack Pro is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which may allow an attacker to perform unauthorized actions on behalf of a victim user. This issue impacts versions of Element Pack Pro prior to 8.0.0, posing a risk to users who have not yet updated their installations. Proper security measures and timely updates are crucial to mitigate the potential attacks leveraging this vulnerability.

Affected Version(s)

Element Pack Pro < 8.0.0

References

https://patchstack.com/database/wordpress/plugin/bdthemes...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2025
Vulnerability Reserved
Apr 22, 2025

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2025-46257?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit