CVE-2025-1458

Medium CVSS: 6.4

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Bdthemes

Product

Element Pack

CWE

CWE-79

Yayın Tarihi

2025-04-26 06:15:14

Güncelleme

2025-05-06 14:11:15

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Element Pack MEDIUM Bdthemes 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3277466%40bdthemes-element-pack-lite&new=3277466%40bdthemes-element-pack-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/7fbd3170-a45b-4ae6-bc59-4cfb92f6c2a6?source=cve

Benzer Kayıtlar

Medium

CVE-2025-8100

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th…

Medium

CVE-2025-5944

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-ca…

Medium

CVE-2025-2168

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Produc…

Medium

CVE-2024-12043

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin f…

Medium

CVE-2024-12851

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for…