cleantalk
Vulnerabilities and Security Researches

Unlimited Elements For Elementor (Free Widgets, Addons, Templates), CVE-2025-1663

CVE, Research URL

CVE-2025-1663

Home page URL

Security reports for Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Application

Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

Published on
Apr 03, 2025
Research Description
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.5.143.
Status
vulnerable
Previous vulnerability researches
Translate Multilingual sites – TranslatePress (CVE-2024-34827) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2021-24610) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2022-3141) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2025-30773) , Mar 28, 2025
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025