cleantalk
Vulnerabilities and Security Researches

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element, CVE-2025-48131

CVE, Research URL

CVE-2025-48131

Home page URL

Security reports for UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element

Application

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element

Published on
May 16, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Sailthru Triggermail (CVE-2024-4289) , Jun 10, 2024
Sailthru Triggermail (CVE-2024-4290) , Jun 10, 2024
Sailthru Triggermail (CVE-2024-11141) , May 17, 2025
New vulnerability
Eventer (CVE-2025-39482) , May 18, 2025
Eventer (CVE-2025-39481) , May 18, 2025
Push notification for Mobile and Web app (CVE-2025-48127) , May 18, 2025
ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب (CVE-2025-48114) , May 18, 2025
Interview (CVE-2025-48137) , May 18, 2025