cleantalk
Vulnerabilities and Security Researches

Elementor Addon Elements, CVE-2025-12537

CVE, Research URL

CVE-2025-12537

Home page URL

Security reports for Elementor Addon Elements

Application

Elementor Addon Elements

Published on
Dec 14, 2025
Research Description
The Addon Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.14.3. This is due to insufficient input sanitization and output escaping on multiple widget parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts via multiple widget parameters in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.14.4.
Status
vulnerable
Previous vulnerability researches
Elementor Addon Elements (CVE-2024-13215) , Jan 17, 2025
Elementor Addon Elements (CVE-2026-28131) , Mar 30, 2026
Elementor Addon Elements (CVE-2022-4974) , Nov 15, 2024
Elementor Addon Elements (CVE-2024-8902) , Oct 13, 2024
Elementor Addon Elements (CVE-2024-4569) , Jun 28, 2024
New vulnerability
File Manager Pro – Filester , Mar 30, 2026
Simple Author Box , Mar 30, 2026
Customizable WordPress Gallery Plugin – Modula Image Gallery , Mar 30, 2026
Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin , Mar 30, 2026
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026