cleantalk
Vulnerabilities and Security Researches

Better Elementor Addons, CVE-2025-12830

CVE, Research URL

CVE-2025-12830

Home page URL

Security reports for Better Elementor Addons

Application

Better Elementor Addons

Published on
Dec 12, 2025
Research Description
The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Better Elementor Addons (CVE-2023-41656) , Jun 10, 2024
Better Elementor Addons (CVE-2022-4974) , Nov 15, 2024
Better Elementor Addons (CVE-2024-2280) , Jun 07, 2024
Better Elementor Addons (CVE-2024-33541) , Jun 07, 2024
Better Elementor Addons (CVE-2024-34432) , Jun 07, 2024
New vulnerability
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress (CVE-2026-1559) , Apr 20, 2026
Frontend File Manager Plugin (CVE-2026-1280) , Apr 20, 2026
WooMS (CVE-2025-57957) , Apr 20, 2026
Simple User Registration (CVE-2026-0844) , Apr 20, 2026
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026