WordPress X Addons for Elementor plugin <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Video ID Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Youtube Video ID Field vulnerability discovered by zer0gh0st in WordPress Plugin X Addons for Elementor versions = 1.0.16...

CVE-2025-9204

creationtimestamp| type| source ---|---|--- 2025-10-03 12:05:18+00:00| seen| Telegram/q26ZIODGdTvL5unvuuKrcnVcQCPDuzNHDHAxYz7bZYBe-gI...