cleantalk
Vulnerabilities and Security Researches

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, , CVE-2026-40745

CVE, Research URL

CVE-2026-40745

Home page URL

Security reports for Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form,

Application

Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form,

Published on
Apr 15, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.
Affected versions
max 8.5.0.
Status
vulnerable
Previous vulnerability researches
Easy 3D Viewer (fb2e1bb3521d3147fbf4886d171a91edce069e89) , Jul 05, 2025
3D viewer &#8211; Embed 3D Models on WordPress (79871b5951fba7123eed7a0d39ed18b201b7c3b2) , Jun 07, 2024
3D viewer &#8211; Embed 3D Models on WordPress (CVE-2026-40729) , Apr 17, 2026
3D viewer &#8211; Embed 3D Models on WordPress (CVE-2022-4974) , Oct 20, 2024
New vulnerability
WP Docs (CVE-2026-3878) , Apr 17, 2026
Accessibly &#8211; WordPress Website Accessibility (CVE-2026-3643) , Apr 17, 2026
Barcode Scanner and Inventory manager. POS (Point of Sale) &#8211; scan barcodes &amp; create orders with barcode reader. (CVE-2026-4880) , Apr 17, 2026
OneSignal &#8211; Web Push Notifications (CVE-2026-3155) , Apr 17, 2026
Magazine Blocks – Blog Designer, Magazine &amp; Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid (CVE-2026-40728) , Apr 17, 2026