cleantalk
Vulnerabilities and Security Researches

ElementInvader Addons for Elementor, CVE-2025-10873

CVE, Research URL

CVE-2025-10873

Home page URL

Security reports for ElementInvader Addons for Elementor

Application

ElementInvader Addons for Elementor

Published on
Nov 05, 2025
Research Description
The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.
Affected versions
max 1.4.1.
Status
vulnerable
Previous vulnerability researches
WP Gmail SMTP (CVE-2025-53232) , Nov 11, 2025
WP Gmail SMTP (172cc1f3c82eb47a0e2bb5d14ce96f28ededb179) , Nov 11, 2025
New vulnerability
One Page Express Companion (CVE-2025-62052) , Nov 11, 2025
Boldermail – Email Marketing and Newsletters for WordPress (CVE-2025-52740) , Nov 11, 2025
Block Country (CVE-2025-48077) , Nov 11, 2025
Attesa Extra (CVE-2025-62971) , Nov 11, 2025
Content Locker for Elementor (CVE-2025-10896) , Nov 11, 2025