Cross-Site Scripting Vulnerability in Master Addons for Elementor by Liton Arefin
CVE-2025-63055

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Master Addons For Elementor
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-63055?

A vulnerability exists in the Master Addons for Elementor plugin, created by Liton Arefin, allowing for Stored Cross-Site Scripting (XSS) attacks. Attackers can potentially exploit this flaw by injecting malicious scripts, which would be executed when users interact with the affected web pages. This poses significant risks to user data integrity and security, particularly in WordPress environments. Website administrators using affected versions should take immediate action to mitigate these risks by updating to the latest version or applying necessary patches.

Affected Version(s)

Master Addons for Elementor <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/mast...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Abu Hurayra | Patchstack Bug Bounty Program

JSON