bdthemes Ultimate Store Kit Elementor Addons Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability has been identified in bdthemes Ultimate Store Kit Elementor Addons, affecting versions through 2.4.0. The vulnerability allows object injection, which could be exploited to manipulate the application's logic, cause a denial of service, or execute arbitrary code. In some cases, it may even allow unauthorized access to the admin panel.

Impact

Exploitation of this vulnerability could lead to object injection, allowing for manipulation of application logic, denial-of-service conditions, or execution of arbitrary code. Such code execution could potentially be used to gain access to the admin panel.

Remediation

Users are advised to update to version 2.4.1 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.