PT-2025-40481 · WordPress · Ultra Addons Lite For Elementor

·

CVE-2025-9077

·

Published

2025-10-03

·

Updated

2025-10-03

CVSS v3.1

6.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Ultra Addons Lite for Elementor plugin for WordPress versions 1.1.9 and below
Description The software contains a flaw due to insufficient input sanitization and output escaping in the 'Animated Text' field of the Typeout Widget. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.
Recommendations Update to a version of the Ultra Addons Lite for Elementor plugin for WordPress that addresses this issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-9077

Affected Products

Ultra Addons Lite For Elementor