CVE-2025-7440

Name of the Vulnerable Software and Affected Versions: Anber Elementor Addon versions up to and including 1.0.1

Description: The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button link']['url'] parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations: Update Anber Elementor Addon to a version newer than 1.0.1.