CVE-2025-12537

CVSS v3.1

6.4

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Addon Elements for Elementor plugin versions prior to 1.14.4

Description The Addon Elements for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is caused by inadequate input sanitization and output escaping on multiple widget parameters. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts through multiple widget parameters in pages. These scripts will execute when a user accesses the affected page.

Recommendations Update the Addon Elements for Elementor plugin to version 1.14.4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-12537

Affected Products

Elementor Addon Elements

CVE-2025-12537

Weakness Enumeration

Related Identifiers

Affected Products

References · 7