PT-2025-45566 · WordPress+1 · Athemes Addons For Elementor+1
Abu Hurayra · Published 2025-11-08 · Updated 2025-11-08
CVE-2025-12837
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
aThemes Addons for Elementor plugin for WordPress versions through 1.1.5
Description
The aThemes Addons for Elementor plugin for WordPress is vulnerable to stored cross-site scripting (XSS) through its Call To Action widget, which applies insufficient input sanitization and output escaping to user-supplied values. Authenticated attackers with contributor-level permissions or higher can exploit this to insert arbitrary web scripts into pages. These scripts execute whenever any user visits the affected page.
Recommendations
Update aThemes Addons for Elementor plugin for WordPress to a version later than 1.1.5.
Fix
XSS
Affected Products
Elementor
Athemes Addons For Elementor