CVE-2025-9077
📋 TL;DR
This stored XSS vulnerability in Ultra Addons Lite for Elementor allows authenticated attackers with contributor-level access or higher to inject malicious scripts into WordPress pages via the 'Animated Text' field. When users visit compromised pages, the scripts execute in their browsers, potentially stealing session cookies or performing unauthorized actions. WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Ultra Addons Lite for Elementor WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Session hijacking, cookie theft, or defacement of specific pages containing the vulnerable widget.
If Mitigated
Limited to authenticated users only, with minimal impact if proper user access controls and content security policies are implemented.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access; proof-of-concept code is publicly available in vulnerability references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.10 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/ut-elementor-addons-lite
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Ultra Addons Lite for Elementor'. 4. Click 'Update Now' if available, or manually update to version 1.1.10+. 5. Clear any caching plugins/CDN caches.
🔧 Temporary Workarounds
Disable Typeout Widget
allRemove or disable the vulnerable Typeout widget from all pages/posts
Restrict User Roles
allLimit contributor-level access to trusted users only
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Remove contributor access for untrusted users and audit existing contributor accounts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Ultra Addons Lite for Elementor → Version number. If version is 1.1.9 or lower, you are vulnerable.Check Version:
wp plugin list --name='Ultra Addons Lite for Elementor' --field=versionVerify Fix Applied:
After updating, verify plugin version shows 1.1.10 or higher in WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin/admin-ajax.php with 'animated_text' parameters containing script tags
- Multiple page edits by contributor-level users
Network Indicators:
- Outbound connections to suspicious domains from your WordPress site
- Unexpected script loads in page responses
SIEM Query:
source="wordpress.log" AND "animated_text" AND ("<script>" OR "javascript:")