Platform
wordpress
Component
bdthemes-element-pack-lite
Fixed in
8.3.14
CVE-2025-31413 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in bdthemes Element Pack Elementor Addons. This flaw allows an attacker to trick a legitimate user into unknowingly performing actions they did not intend, potentially leading to unauthorized modifications or deletions within the Elementor-based website. The vulnerability impacts versions from 0.0.0 through 8.3.13, and a patch is available in version 8.3.14.
A successful CSRF attack can have significant consequences for websites using Element Pack Elementor Addons. An attacker could leverage this vulnerability to modify website content, change user roles, delete critical data, or even gain administrative access. The impact is amplified if the website handles sensitive user data or performs critical business functions. The attacker needs to craft a malicious request and trick the user into clicking a link or visiting a compromised page. This vulnerability is similar in nature to other CSRF vulnerabilities, but the specific impact depends on the permissions and functionalities exposed by Element Pack.
CVE-2025-31413 was publicly disclosed on 2026-01-22. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code may become available, increasing the risk of exploitation.
Exploit Status
EPSS
0.02% (5% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-31413 is to immediately upgrade Element Pack Elementor Addons to version 8.3.14 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include adding CSRF tokens to all sensitive forms and actions within Element Pack, or using a Web Application Firewall (WAF) to filter out malicious requests. Review and restrict user permissions to minimize the potential damage from a successful attack. After upgrade, confirm the fix by attempting a CSRF attack on a test environment and verifying that the request is blocked or fails.
Update to version 8.3.14, or a newer patched version
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-31413 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Element Pack Elementor Addons versions 0.0.0–8.3.13, allowing attackers to perform unauthorized actions.
You are affected if you are using Element Pack Elementor Addons versions 0.0.0 through 8.3.13. Upgrade to 8.3.14 or later to mitigate the risk.
Upgrade Element Pack Elementor Addons to version 8.3.14 or later. Consider temporary workarounds like CSRF tokens or a WAF if immediate upgrade is not possible.
There is currently no indication of active exploitation campaigns, but public PoCs may emerge, increasing the risk.
Refer to the official Element Pack Elementor Addons website or their security advisory page for the latest information and updates regarding CVE-2025-31413.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.