Prime Slider - Addons for Elementor Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Prime Slider - Addons for Elementor plugin for WordPress, affecting all versions through 4.1.10. The issue arises in the Mount widget, where the 'follow_us_text' setting is output without proper sanitization or escaping. This flaw allows authenticated attackers with Author-level access or higher to inject malicious scripts that are executed when users view the affected page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can inject a script into the 'follow_us_text' parameter of the Mount widget. This script will be executed when the page is accessed.

Remediation

Users are advised to update the Prime Slider - Addons for Elementor plugin to version 4.1.11 or later.
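The following audit is an added example, not code from the plugin or from this advisory's publisher: it walks an exported Elementor `_elementor_data` post meta value (the JSON tree in which Elementor stores widget settings) and reports any 'follow_us_text' value that contains markup, so existing pages can be reviewed alongside the update. It assumes the label is meant to be plain text; the sample data, element ids and widgetType strings are constructed placeholders.

```python
import json
import re

SETTING = "follow_us_text"            # setting named in the advisory
MARKUP = re.compile(r"<[a-zA-Z/!?]")  # start of a tag, comment or declaration

# Constructed sample of one post's `_elementor_data` meta value. The ids and
# widgetType strings are placeholders, not the plugin's real identifiers.
SAMPLE = json.dumps([
    {"id": "s1", "elType": "section", "settings": [], "elements": [
        {"id": "c1", "elType": "column", "settings": [], "elements": [
            {"id": "w1", "elType": "widget", "widgetType": "EXAMPLE_WIDGET",
             "settings": {SETTING: "Follow Us"}, "elements": []},
            {"id": "w2", "elType": "widget", "widgetType": "EXAMPLE_WIDGET",
             "settings": {SETTING: "Follow<script>constructed()</script>"},
             "elements": []},
        ]},
    ]},
])


def iter_elements(elements):
    """Yield every element in the tree, depth first."""
    for element in elements:
        if isinstance(element, dict):
            yield element
            yield from iter_elements(element.get("elements") or [])


def audit(raw_json, post_id=None):
    """Return one finding per element whose SETTING value contains markup."""
    try:
        tree = json.loads(raw_json)
    except (TypeError, ValueError):
        return []  # meta value missing or not JSON
    if not isinstance(tree, list):
        return []
    findings = []
    for element in iter_elements(tree):
        settings = element.get("settings")
        if not isinstance(settings, dict):
            continue  # empty settings are serialized as [] rather than {}
        value = settings.get(SETTING)
        if isinstance(value, str) and MARKUP.search(value):
            findings.append({"post_id": post_id, "element_id": element.get("id"),
                             "widget": element.get("widgetType"), "value": value})
    return findings
```

Call `audit()` once per post with that post's meta value, for example as exported with `wp post meta get <post-id> _elementor_data`; each finding names the post and element to inspect in the editor.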

Added: Apr 8, 2026, 5:20 AM
Updated: Apr 8, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 6.2
remediation: 7.7
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.