CVE-2025-46258 – BdThemes Element Pack Pro Missing Authorization Vulnerability

June 5, 2025

CVE ID : CVE-2025-46258

Published : June 5, 2025, 6:15 p.m. | 3 hours, 52 minutes ago

Description : Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5674 – “Code-Projects Patient Record Management System SQL Injection Vulnerability”

Next Article CVE-2025-46257 – BdThemes Element Pack Pro CSRF Vulnerability

Highlights

CVE-2024-12718 – Python Tarfile Filter File Metadata and Permission Modification Vulnerability

June 3, 2025

CVE ID : CVE-2024-12718

Published : June 3, 2025, 1:15 p.m. | 2 hours, 14 minutes ago

Description : Allows modifying some file metadata (e.g. last modified) with filter=”data” or file permissions (chmod) with filter=”tar” of files outside the extraction directory.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don’t include the extraction filter feature.

Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-46258 – BdThemes Element Pack Pro Missing Authorization Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

OpenAI to Retain Non-Profit Structure, Focus on Societal Impact

The AI Fix #48: AI Jesus, and is the AI Singularity almost upon us?

TurboModules & Fabric: Powering the Next Generation of High-Performance Apps⚡

Iterator helpers have become Baseline Newly available

CVE-2024-12718 – Python Tarfile Filter File Metadata and Permission Modification Vulnerability

Better CSS Shapes Using shape() — Part 2: More on Arcs

CVE-2025-41661 – Apache Device Manager CSRF Root Shell

CVE-2025-4498 – Simple Bus Reservation System Buffer Overflow Vulnerability

CVE-2025-46258 – BdThemes Element Pack Pro Missing Authorization Vulnerability

Related Posts