WordPress · Elementskit Elementor Addons/Templates · CVE-2025-3614
**Name of the Vulnerable Software and Affected Versions**
ElementsKit Elementor Addons and Templates versions prior to 3.5.3
**Description**
The ElementsKit Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting via the URL attribute of a custom widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.
**Recommendations**
Update ElementsKit Elementor Addons and Templates to version 3.5.3 or later.