PT-2025-40481 · WordPress · Ultra Addons Lite For Elementor
D.Sim
·
Published
2025-10-03
·
Updated
2025-10-03
·
CVE-2025-9077
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ultra Addons Lite for Elementor plugin for WordPress versions 1.1.9 and below
Description
The software contains a flaw due to insufficient input sanitization and output escaping in the 'Animated Text' field of the Typeout Widget. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.
Recommendations
Update to a version of the Ultra Addons Lite for Elementor plugin for WordPress that addresses this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ultra Addons Lite For Elementor