CVE-2025-10873

CVE-2025-10873: Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending

Vendor Unknown
Product ElementInvader Addons for Elementor
Published November 5, 2025
Last update November 5, 2025

CVSS base score

What the vulnerability does

01Description

The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.

Key dates

02Disclosure timeline

November 5, 2025 CVE published
November 5, 2025 Record updated