cleantalk
Vulnerabilities and Security Researches

The Plus Addons for Elementor, CVE-2025-7646

CVE, Research URL

CVE-2025-7646

Home page URL

Security reports for The Plus Addons for Elementor

Application

The Plus Addons for Elementor

Published on
Aug 01, 2025
Research Description
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 6.3.11.
Status
vulnerable
Previous vulnerability researches
BackWPup – WordPress Backup Plugin , May 27, 2025
BackWPup – WordPress Backup Plugin (CVE-2017-2551) , Jun 07, 2024
BackWPup – WordPress Backup Plugin (CVE-2011-5208) , Jun 07, 2024
BackWPup – WordPress Backup Plugin (CVE-2013-4626) , Jun 07, 2024
BackWPup – WordPress Backup Plugin (CVE-2011-4342) , Jun 07, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025