PT-2025-52732 · Elementor+1
Dmitry Ignatyev · Published 2025-12-23 · Updated 2025-12-23
CVE-2025-14163
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Premium Addons for Elementor versions prior to 4.11.54
Description
The Premium Addons for Elementor plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the insert_inner_template() function. An unauthenticated attacker could potentially create arbitrary Elementor templates by forging a request, provided they can trick a user with the 'edit_posts' capability into performing an action.
Recommendations
Update Premium Addons for Elementor to version 4.11.54 or later.
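For plugin authors reviewing their own AJAX handlers for the same weakness, the following added example (not the plugin's code and not taken from its patch) contrasts a handler that relies on the capability check alone with one that also validates a nonce. The demo_* function names, the 'demo_insert_template' action, the 'security' and 'title' request fields, and the use of Elementor's elementor_library post type are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not code from Premium Addons for Elementor.

// Weak pattern: a capability check alone does not stop CSRF, because the
// browser attaches the logged-in user's cookies to a forged request.
function demo_insert_template_weak() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    demo_create_template();
}

// Hardened pattern: require a nonce tied to this action and user session first.
// The page that issues the request obtains it from wp_create_nonce( 'demo_insert_template' ).
function demo_insert_template_hardened() {
    // Third argument false: return false on failure so we can send a JSON error.
    if ( ! check_ajax_referer( 'demo_insert_template', 'security', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    demo_create_template();
}

// Shared state-changing step: creates a template post from the request.
function demo_create_template() {
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    if ( '' === $title ) {
        wp_send_json_error( 'missing title', 400 );
    }
    $id = wp_insert_post(
        array(
            'post_title'  => $title,
            'post_type'   => 'elementor_library', // assumed target post type
            'post_status' => 'publish',
        ),
        true // return WP_Error on failure instead of 0
    );
    if ( is_wp_error( $id ) ) {
        wp_send_json_error( $id->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'id' => $id ) );
}

// Register only the hardened handler, and only for logged-in users (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_demo_insert_template', 'demo_insert_template_hardened' );
```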
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
Premium Addons For Elementor