CVE-2025-68500
WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability
CVSS Score
4.9
EPSS Score
0.0%
EPSS Percentile
0th
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.
| CWE | CWE-918 |
| Vendor | bdthemes |
| Product | prime slider – addons for elementor |
| Published | Dec 24, 2025 |
| Last Updated | Apr 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for bdthemes prime slider – addons for elementor
Be the first to know when new medium vulnerabilities affecting bdthemes prime slider – addons for elementor are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
bdthemes / Prime Slider – Addons For Elementor
0 ≤ 4.0.10
References
Credits
NumeX | Patchstack Bug Bounty Program