Vulnerabilities and security researches forut-elementor-addons-lite ut-elementor-addons-lite
Direction: descendingNov 11, 2025
Ultra Addons Lite for Elementor # CVE-2023-53589
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 04, 2025
- Research Description
- In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) memory and even crash if the n_channels is large enough to make it run out of the one page allocated for the FW response. Fix that by checking the lengths. Doing a < comparison would be sufficient, but the firmware should be doing it correctly, so check more strictly.
- Affected versions
-
max 1.2.0.
- Status
-
vulnerable
Apr 05, 2025
Ultra Addons Lite for Elementor # CVE-2025-32192
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 04, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UltraPress Ultra Addons Lite for Elementor allows Stored XSS. This issue affects Ultra Addons Lite for Elementor: from n/a through 1.1.8.
- Affected versions
-
max 1.1.9.
- Status
-
vulnerable
Mar 01, 2025
Ultra Addons Lite for Elementor # CVE-2024-13832
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2025
- Research Description
- The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
- Affected versions
-
max 1.1.9.
- Status
-
vulnerable