Vulnerabilities and security researches forut-elementor-addons-lite ut-elementor-addons-lite

Mar 01, 2025

CVE, Research URL: CVE-2024-13832
Home page URL: Security reports for Ultra Addons Lite for Elementor
Application: Ultra Addons Lite for Elementor
Date: Feb 28, 2025
Research Description: The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions: max 1.1.9.
Status: vulnerable

Apr 05, 2025

CVE, Research URL: CVE-2025-32192
Home page URL: Security reports for Ultra Addons Lite for Elementor
Application: Ultra Addons Lite for Elementor
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UltraPress Ultra Addons Lite for Elementor allows Stored XSS. This issue affects Ultra Addons Lite for Elementor: from n/a through 1.1.8.
Affected versions: max 1.1.9.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2023-53589
Home page URL: Security reports for Ultra Addons Lite for Elementor
Application: Ultra Addons Lite for Elementor
Date: Oct 04, 2025
Research Description: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.
Affected versions: max 1.2.0.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-9077
Home page URL: Security reports for Ultra Addons Lite for Elementor
Application: Ultra Addons Lite for Elementor
Date: Oct 03, 2025
Research Description: The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.2.0.
Status: vulnerable