CVE-2025-9082

Name of the Vulnerable Software and Affected Versions WPBITS Addons For Elementor plugin for WordPress versions up to and including 1.8

Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when dynamic content is enabled. This allows authenticated attackers with contributor-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. The issue affects multiple widget parameters.

Recommendations Update WPBITS Addons For Elementor plugin for WordPress to a version later than 1.8.