Vulnerability Details CVE-2025-1639
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-1639
-
cpe:2.3:a:crowdytheme:arolax:*