PT-2025-42820 · WordPress+1 · Element Pack Elementor Addons+1

Liontree

Published

2025-10-20

Updated

2025-10-21

CVE-2025-11536

CVSS v3.1

5.0

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Element Pack Addons for Elementor plugin for WordPress versions up to and including 8.2.5

Description The Element Pack Addons for Elementor plugin for WordPress is susceptible to a Blind Server-Side Request Forgery issue. This affects versions up to and including 8.2.5. Authenticated attackers with Subscriber-level access or higher can exploit this to make web requests to arbitrary locations from the web application. This can potentially allow querying and modification of information from internal services via the wp ajax import elementor template action.

Recommendations Update Element Pack Addons for Elementor plugin for WordPress to a version later than 8.2.5.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-11536

Affected Products

Element Pack Elementor Addons

Elementor

PT-2025-42820 · WordPress+1 · Element Pack Elementor Addons+1

CVE-2025-11536

Weakness Enumeration

Related Identifiers

Affected Products

References · 6