CVE-2025-1639

Name of the Vulnerable Software and Affected Versions Animation Addons for Elementor Pro versions prior to 1.7

Description The issue allows authenticated attackers with Subscriber-level access and above to install and activate arbitrary plugins due to a missing capability check on the install elementor plugin handler() function. This can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site.

Recommendations For versions prior to 1.7, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the install elementor plugin handler() function until a patch is available.