cleantalk
Vulnerabilities and Security Researches

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element, CVE-2025-48131

CVE, Research URL

CVE-2025-48131

Home page URL

Security reports for UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element

Application

UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element

Published on
May 16, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiful Islam UltraAddons Elementor Lite allows Stored XSS. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
Affected versions
Min -, max 2.0.0.
Status
vulnerable
Previous vulnerability researches
Weluka Lite (CVE-2025-4591) , May 16, 2025
New vulnerability
WooCommerce POS (CVE-2025-48117) , May 18, 2025
BERTHA AI. Your AI co-pilot for WordPress and Chrome (CVE-2025-48138) , May 18, 2025
SEO Flow by LupsOnline (CVE-2025-48146) , May 18, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-4101) , May 18, 2025
WP Tabs – Responsive Tabs Plugin for WordPress (CVE-2025-48134) , May 18, 2025