cleantalk
Vulnerabilities and Security Researches

Unlimited Elements For Elementor (Free Widgets, Addons, Templates), CVE-2025-8603

CVE, Research URL

CVE-2025-8603

Home page URL

Security reports for Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Application

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Published on
Aug 28, 2025
Research Description
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.148 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.5.149.
Status
vulnerable
Previous vulnerability researches
PPWP – Password Protect Pages (CVE-2024-0620) , Jun 06, 2024
PPWP – Password Protect Pages (CVE-2022-4626) , Jun 06, 2024
PPWP – Password Protect Pages (CVE-2025-5998) , Aug 27, 2025
PPWP – Password Protect Pages (CVE-2024-11280) , Dec 18, 2024
New vulnerability
Savyour Affiliate Partner (CVE-2025-48306) , Aug 29, 2025
bidorbuy Store Integrator (CVE-2025-48100) , Aug 29, 2025
Best Theme Builder For Elementor – FREE (CVE-2025-58198) , Aug 29, 2025
Google XML News Sitemap plugin (CVE-2025-48304) , Aug 28, 2025
Simple Download Monitor (CVE-2025-8977) , Aug 28, 2025