CVE-2025-1663
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2025-1663 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Unlimited Elements For Elementor plugin for WordPress. Versions up to and including 1.5.142 are vulnerable to this issue. The flaw is caused by insufficient input sanitization and output escaping in several widgets. This vulnerability allows authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts. These scripts will execute whenever an unsuspecting user accesses an injected page. This can potentially lead to data theft, unauthorized account access, or other malicious activities. Users are urged to update the plugin to the latest version to mitigate this risk.