Title: Update Bootstrap
Last modified: May 15, 2026

---

# Update Bootstrap

 *  [glampetsts](https://wordpress.org/support/users/glampetsts/)
 * (@glampetsts)
 * [1 week, 5 days ago](https://wordpress.org/support/topic/update-bootstrap/)
 * During a security audit of our website, we identified that ElementsKit Lite bundles
   an internal copy of Bootstrap 4.0.0 inside `widgets/init/assets/js/widget-scripts.js`,
   labeled in the code as “Ekit Prefixed Bootstrap.”
 * Bootstrap 4.0.0 is affected by several known XSS vulnerabilities (CVE-2018-14040,
   CVE-2018-14041, CVE-2018-14042, CVE-2019-8331), which were patched in Bootstrap
   4.1.2 and later. We have confirmed this bundled copy is present in the latest
   release (v3.9.3) and has not been updated in any published version.
 * We would like to request that the bundled Bootstrap dependency be updated to 
   a patched version (4.6.x or 5.x) in a future release.
 * Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Tusher Ikbal](https://wordpress.org/support/users/tusherikbal/)
 * (@tusherikbal)
 * [1 week, 4 days ago](https://wordpress.org/support/topic/update-bootstrap/#post-18910076)
 * Hi [glampetsts](https://wordpress.org/support/users/glampetsts/), 
 * Thank you for bringing this to our attention. We are already aware of this concern,
   and our development team is currently working on removing the Bootstrap dependency
   from **ElementsKit Lite**. We are moving toward implementing our own CSS framework,
   which will provide better security, stability, and overall performance.
 * We appreciate your detailed report and your contribution to improving the plugin.
 * Thank you for your understanding.
 * Regards,
   Ikbal
 *  [BackuPs](https://wordpress.org/support/users/neo2k23/)
 * (@neo2k23)
 * [1 week, 1 day ago](https://wordpress.org/support/topic/update-bootstrap/#post-18913331)
 * [@glampetsts](https://wordpress.org/support/users/glampetsts/)
 * CVE-2018-14040 was patched in 3.4.0
 * [CVE-2018-14041](https://github.com/advisories/GHSA-pj7m-g53m-7638) does not
   exist in bootstrap 3.3.7 or above
 * CVE-2018-14042 was patched in 3.4.0
   [https://github.com/advisories/GHSA-7mvr-5x2g-wfc8](https://github.com/advisories/GHSA-7mvr-5x2g-wfc8)
 * CVE-2019-8331 was fixed in version 3.4.1
 * Anyway [@tusherikbal](https://wordpress.org/support/users/tusherikbal/)
   please update bootstrap to version 3.4.1 which is easy and fixes 3 vulnerabilities
   that exist in bootstrap 3.3.7. You can just update the bootstrap.js and bootstrap.css
   to version 3.4.1 without losing functionality of your plugin. They are almost
   100% the same except the fix for the 2 vulnerabilities
 * [v3.4.1](https://github.com/twbs/bootstrap/releases/tag/v3.4.1)
    - **Security:** Fixed an XSS vulnerability ([CVE-2019-8331](https://github.com/advisories/GHSA-9v3m-8fp8-mj99))
      in our tooltip and popover plugins by implementing a new HTML sanitizer
 * [v3.4.0](https://github.com/twbs/bootstrap/releases/tag/v3.4.0)
    - **Fixed:** Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
      and Tab components. See [https://snyk.io/vuln/npm:bootstrap:20160627](https://snyk.io/vuln/npm:bootstrap:20160627)
      for details.
 * [https://www.herodevs.com/support/nes-bootstrap?utm_source=Bootstrap_site&utm_medium=Banner&utm_campaign=v3and4_eol](https://www.herodevs.com/support/nes-bootstrap?utm_source=Bootstrap_site&utm_medium=Banner&utm_campaign=v3and4_eol)
 *  [BackuPs](https://wordpress.org/support/users/neo2k23/)
 * (@neo2k23)
 * [1 week, 1 day ago](https://wordpress.org/support/topic/update-bootstrap/#post-18913443)
 * [@tusherikbal](https://wordpress.org/support/users/tusherikbal/) I can send you
   a modified bootstrap 3.4.1 version that fixes all security issues, also the
   one that is not fixed in v 3.4.1 (cve-2025-2647). It is very easy to fix
   yourselves and that closes all security issues with bootstrap below version
   4
   [https://www.herodevs.com/vulnerability-directory/cve-2025-1647?nes-for-bootstrap](https://www.herodevs.com/vulnerability-directory/cve-2025-1647?nes-for-bootstrap)
 *  [Tusher Ikbal](https://wordpress.org/support/users/tusherikbal/)
 * (@tusherikbal)
 * [1 week ago](https://wordpress.org/support/topic/update-bootstrap/#post-18914237)
 * Hi,
 * Thank you for sharing this information and for your effort in helping us improve
   security. We truly appreciate your suggestion and the resources you provided 
   regarding the Bootstrap vulnerabilities and fixes.
 * Our development team is already reviewing and working on the related security
   improvements internally. Your feedback is valuable to us and will certainly help
   during the investigation and update process.
 * Thank you again for your cooperation and support.
 * Best regards,
   Ikbal
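
An added example, not part of the thread and not ElementsKit's or Bootstrap's own code: one way to repeat the audit described in the first post by scanning a plugin directory for a vendored Bootstrap copy below a fixed release. The fingerprint patterns and the sample string are assumptions; the version thresholds are the ones the posters state above.

```python
import re
from pathlib import Path

# First fixed release per major line, taken from the thread above:
# 4.x -> 4.1.2 (original post), 3.x -> 3.4.1 (BackuPs's reply).
FIXED_IN = {3: (3, 4, 1), 4: (4, 1, 2)}

# Assumed fingerprints (heuristics, not a vendor-documented format):
# the upstream "Bootstrap vX.Y.Z" banner and the VERSION constants that
# Bootstrap 3.x/4.x components define.
BANNER = re.compile(r"Bootstrap\s+v(\d+)\.(\d+)\.(\d+)")
CONSTANT = re.compile(r"\bVERSION\s*=\s*['\"](\d+)\.(\d+)\.(\d+)['\"]")


def bootstrap_versions(text):
    """Return the set of (major, minor, patch) tuples fingerprinted in text."""
    hits = list(BANNER.finditer(text))
    # VERSION constants are generic, so only trust them in a file that
    # names Bootstrap somewhere (for example a relabelled banner).
    if re.search(r"bootstrap", text, re.IGNORECASE):
        hits += CONSTANT.finditer(text)
    return {tuple(int(g) for g in m.groups()) for m in hits}


def is_outdated(version):
    """True when version is below the fixed release for its major line."""
    fixed = FIXED_IN.get(version[0])
    return fixed is not None and version < fixed


def audit(root):
    """Scan every .js file under root; return (path, version) findings."""
    findings = []
    for path in sorted(Path(root).rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for version in sorted(bootstrap_versions(text)):
            if is_outdated(version):
                findings.append((str(path), ".".join(map(str, version))))
    return findings


# Constructed sample: a vendored bundle whose banner was relabelled.
SAMPLE = "/* Ekit Prefixed Bootstrap */\nvar NAME='tooltip';var VERSION = '4.0.0';"

if __name__ == "__main__":
    print(sorted(bootstrap_versions(SAMPLE)), is_outdated((4, 0, 0)))
```

A bundle that has had both the banner and the VERSION constants stripped or renamed will not be detected, so an empty result is not proof that no copy is present.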


 * 7 replies
 * 3 participants
 * Last reply from: [Tusher Ikbal](https://wordpress.org/support/users/tusherikbal/)
 * Last activity: [1 week ago](https://wordpress.org/support/topic/update-bootstrap/#post-18914237)
 * Status: not resolved