CVE-2025-2228

Name of the Vulnerable Software and Affected Versions The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress versions up to, and including, 1.6.8

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including usernames and passwords of users who register via the Edit Login | Registration Form widget, as long as the user opens the email notification for successful registration. This is possible due to the register user function.

Recommendations For versions up to, and including, 1.6.8, consider disabling the register user function until a patch is available to prevent exploitation. Restrict access to the Edit Login | Registration Form widget to minimize the risk of sensitive data exposure. Avoid using the widget for user registration until the issue is resolved.