Platform
wordpress
Component
anant-addons-for-elementor
Fixed in
1.1.9
CVE-2025-32641 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Anant Addons for Elementor, a plugin for the Elementor page builder. This flaw allows an attacker to trick a logged-in user into unknowingly executing malicious actions, potentially leading to unauthorized modifications to the website. The vulnerability impacts versions from 0.0.0 up to and including 1.1.8, with a fix available in version 1.1.6.
A successful CSRF attack can have significant consequences for websites using Anant Addons for Elementor. An attacker could leverage this vulnerability to modify website content, change user roles and permissions, or even delete critical data. The attacker does not need to authenticate to exploit the vulnerability; they only need to trick a legitimate user into visiting a malicious link or page. This could be achieved through phishing emails, malicious advertisements, or compromised third-party websites. The blast radius extends to any user with access to the affected plugin, making it a widespread concern for Elementor-based websites.
CVE-2025-32641 was published on April 9, 2025. As of this date, there are no publicly known active campaigns exploiting this specific vulnerability. No KEV or EPSS score is currently assigned. While no public Proof-of-Concept (PoC) code has been released, the CSRF nature of the vulnerability makes it relatively easy to exploit, increasing the likelihood of future exploitation attempts.
Exploit Status
EPSS
0.12% (31% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-32641 is to immediately upgrade Anant Addons for Elementor to version 1.1.6 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. These rules can help to detect and block malicious requests. Additionally, ensure that all user input is properly validated and sanitized to prevent other potential vulnerabilities. After upgrading, verify the fix by attempting to trigger a CSRF attack on a test environment to confirm that the protection is effective.
Actualice el plugin Anant Addons for Elementor a la última versión disponible para mitigar la vulnerabilidad de CSRF que permite la instalación arbitraria de plugins. Verifique las actualizaciones disponibles en el panel de administración de WordPress o en el repositorio de plugins de WordPress.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-32641 is a CRITICAL Cross-Site Request Forgery (CSRF) vulnerability affecting Anant Addons for Elementor. It allows attackers to perform unauthorized actions on a user's account without their knowledge.
You are affected if you are using Anant Addons for Elementor versions 0.0.0 through 1.1.8. Upgrade to 1.1.6 or later to mitigate the risk.
The recommended fix is to upgrade Anant Addons for Elementor to version 1.1.6 or a later version. As a temporary workaround, implement a WAF with CSRF protection rules.
As of April 9, 2025, there are no publicly known active campaigns exploiting this vulnerability, but the ease of exploitation suggests potential future attacks.
Refer to the Anant Addons website and Elementor's security advisory channels for the official advisory regarding CVE-2025-32641.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.