Element Pack Addons for Elementor, Stored XSS, CVE-2025-1458 (High)

How the CVE Works

CVE-2025-1458 stems from insufficient input sanitization in the Element Pack Addons for Elementor WordPress plugin (≤5.10.29). The vulnerability exists across multiple widgets (Dual Button, Creative Button, Image Stack) where user-supplied input isn't properly sanitized before being stored in the database. Authenticated attackers with Contributor+ privileges can inject malicious JavaScript payloads through widget parameters. When administrators or other users view pages containing the compromised widgets, the payload executes in their browser session, enabling session hijacking, admin takeover, or defacement. Because the payload is stored, it persists across page visits rather than requiring a crafted link for each victim.

DailyCVE Form

Platform: WordPress
Version: ≤5.10.29
Vulnerability: Stored XSS
Severity: High

date: 05/06/2025

What Undercode Say:

Exploitation:

// Example payload for Creative Button widget
elementor.addControlView('creative_button', (model) => {
model.set('button_text', '<img src=x onerror=alert(document.cookie)>');
});

Detection:

Print the installed plugin version from the plugin header; every release at or below 5.10.29 is affected, not only 5.10.29 itself
# Matches the "Version:" header in the main plugin file; compare the result against 5.10.29
grep -h "Version:" /var/www/html/wp-content/plugins/element-pack/*.php

Mitigation:

1. Update immediately to a patched version

2. Apply WAF rules blocking script injection as a stopgap until the update is applied:

# nginx "deny" only accepts IP addresses, so pattern blocking must be done with a rewrite rule.
# Core nginx cannot inspect POST bodies (where Elementor submits widget settings), so this
# only rejects obvious payloads in the query string; use ModSecurity/OWASP CRS for body inspection.
location ~ /wp-content/plugins/element-pack/ {
    if ($args ~* "(<script|onerror=)") { return 403; }
}

Verification:

Check the database for injected payloads (Elementor stores widget settings as JSON in the _elementor_data post meta)
-- Return the post and meta key so the affected page can be opened and cleaned
SELECT post_id, meta_key, LEFT(meta_value, 200) AS snippet
FROM wp_postmeta
WHERE meta_value LIKE '%onerror=%';
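The LIKE query above only catches one literal attribute name. The following is an added example, not code from the advisory or from the plugin vendor, of a small scanner that parses the JSON Elementor stores in _elementor_data (an element tree whose widgets carry a "settings" object) and flags script tags, inline event handlers and javascript:/data: URLs in any text setting. The sample data and the widget type names in it are constructed for the example.

```python
import json
import re

# Constructed sample of the JSON Elementor keeps in the _elementor_data post meta:
# a tree of sections/columns/widgets, each widget with a "settings" dict.
# Widget type names and payloads are made up for this example, not real site data.
SAMPLE_ELEMENTOR_DATA = json.dumps([
    {
        "id": "a1b2c3",
        "elType": "section",
        "elements": [
            {
                "id": "d4e5f6",
                "elType": "column",
                "elements": [
                    {"id": "w1", "elType": "widget", "widgetType": "bdt-dual-button",
                     "settings": {"button_a_text": "Read more", "button_b_text": "Contact"}},
                    {"id": "w2", "elType": "widget", "widgetType": "bdt-creative-button",
                     "settings": {"button_text": "Click <img src=x onerror=alert(1)>"}},
                    {"id": "w3", "elType": "widget", "widgetType": "bdt-image-stack",
                     "settings": {"image_title": "Team", "link": {"url": "javascript:alert(1)"}}},
                ],
            }
        ],
    }
])

# Markup that has no business in a plain-text widget setting.
SUSPICIOUS_MARKUP = re.compile(
    r"<\s*script\b"          # <script ...> tags
    r"|\bon[a-z]+\s*=",      # inline event handlers: onerror=, onload=, onmouseover= ...
    re.IGNORECASE,
)
# Schemes that execute code when placed in a link/href setting.
SUSPICIOUS_URL = re.compile(r"^\s*(javascript|data)\s*:", re.IGNORECASE)


def _iter_strings(value, path):
    """Yield (dotted path, string) for every string nested inside a settings value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, inner in value.items():
            yield from _iter_strings(inner, f"{path}.{key}")
    elif isinstance(value, list):
        for index, inner in enumerate(value):
            yield from _iter_strings(inner, f"{path}[{index}]")


def scan_elementor_data(raw_json):
    """Walk the element tree and return (element id, widgetType, setting path, value)
    for every text setting that carries script markup or an executable URL scheme."""
    findings = []
    stack = list(json.loads(raw_json))
    while stack:
        element = stack.pop()
        for path, text in _iter_strings(element.get("settings", {}), "settings"):
            hit = SUSPICIOUS_MARKUP.search(text)
            # URL fields are only dangerous for their scheme, so check those separately.
            if not hit and path.endswith(".url"):
                hit = SUSPICIOUS_URL.search(text)
            if hit:
                findings.append((element.get("id"), element.get("widgetType"), path, text))
        stack.extend(element.get("elements", []))
    return sorted(findings)


if __name__ == "__main__":
    for element_id, widget, path, text in scan_elementor_data(SAMPLE_ELEMENTOR_DATA):
        print(f"[{widget}] element {element_id}: {path} = {text!r}")
```

In practice the meta_value column returned by the SQL query above is fed to scan_elementor_data one row at a time; each finding names the element id and setting path, which is what you need to locate and clean the widget in the Elementor editor.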

Temporary Fix:

// Add to the theme's functions.php. This relies on the plugin actually applying the
// 'element_pack_widget_output' filter; sanitize_text_field() strips all HTML from the
// output, so treat this as a stopgap and still update the plugin.
add_filter('element_pack_widget_output', 'sanitize_text_field');

Impact Analysis:

Estimate the number of potentially affected sites
import requests

# active_installs is exposed by the plugin info API, not the stats endpoint.
# The slug must match the plugin's wordpress.org listing.
slug = "element-pack"
resp = requests.get(f"https://api.wordpress.org/plugins/info/1.0/{slug}.json", timeout=10)
resp.raise_for_status()
print(f"Active installations: {resp.json().get('active_installs')}")

Log Monitoring:

Track suspicious plugin activity
# Elementor saves widget data through POSTs to admin-ajax.php. The "action" parameter travels
# in the request body, which the default access-log format does not record, so filter on the
# endpoint and correlate by client IP and time with Elementor editor sessions.
tail -f /var/log/apache2/access.log | grep -E 'POST /wp-admin/admin-ajax\.php'

Backup Recommendation:

Create emergency backup
tar -czvf element-pack-backup.tar.gz /var/www/html/wp-content/plugins/element-pack/

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
