Cross-site Scripting Vulnerability in UltraAddons Elementor Lite Plugin by Saiful Islam
CVE-2025-48131

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Ultraaddons Elementor Lite
Vendor
CVE Published:
16 May 2025

What is CVE-2025-48131?

The UltraAddons Elementor Lite plugin, developed by Saiful Islam, contains a vulnerability that allows for stored cross-site scripting (XSS) attacks. This occurs due to inadequate input neutralization during web page generation. An attacker could exploit this vulnerability to inject malicious scripts into web pages, potentially compromising user data and session integrity. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

UltraAddons Elementor Lite <= 2.0.0

References

https://patchstack.com/database/wordpress/plugin/ultraadd...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael (Patchstack Alliance)
.