CVE-2025-12830 is a stored Cross-Site Scripting vulnerability identified in the Better Addons for Elementor plugin for WordPress, specifically within the Slider widget functionality. The vulnerability stems from improper neutralization of user-supplied input during web page generation, classified under CWE-79. All versions up to and including 1.5.4 are affected. Authenticated attackers with contributor-level or higher privileges can exploit this flaw by injecting arbitrary JavaScript code into pages via insufficient input sanitization and lack of proper output escaping on widget attributes. Once injected, the malicious scripts execute in the context of any user who accesses the compromised page, potentially enabling session hijacking, privilege escalation, defacement, or distribution of malware. The vulnerability has a CVSS v3.1 base score of 6.4, reflecting medium severity, with an attack vector of network, low attack complexity, requiring privileges but no user interaction, and impacting confidentiality and integrity with a scope change. No official patches or updates are currently linked, and no known exploits have been reported in the wild, though the risk remains significant due to the widespread use of WordPress and Elementor plugins. The vulnerability highlights the importance of rigorous input validation and output encoding in plugin development to prevent persistent XSS attacks.

The primary impact of this vulnerability is the potential for attackers with contributor-level access to inject persistent malicious scripts into WordPress pages, which execute in the browsers of any visitors to those pages. This can lead to theft of authentication cookies, enabling session hijacking and unauthorized access to user accounts, including administrative accounts if targeted effectively. It can also facilitate defacement of websites, distribution of malware, or redirection to malicious sites, undermining user trust and damaging organizational reputation. Since the vulnerability requires authenticated access, the risk is somewhat mitigated but remains significant in environments where contributor or higher roles are assigned to multiple users or where accounts may be compromised. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially compromised component, potentially impacting the entire website’s confidentiality and integrity. Organizations relying on the affected plugin for critical web presence or e-commerce may face operational disruptions and data breaches if exploited.

Organizations should immediately audit their WordPress installations to identify the presence of the Better Addons for Elementor plugin and verify the version in use. Until an official patch is released, administrators should restrict contributor-level access strictly to trusted users and consider temporarily disabling the Slider widget or the entire plugin if feasible. Implementing Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the Slider widget attributes can provide interim protection. Regularly monitoring logs for unusual script injection attempts or unexpected content changes is advised. Additionally, applying Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Once a patch becomes available, prompt updating is critical. Educating site administrators and contributors about the risks of XSS and enforcing the principle of least privilege for user roles will reduce the attack surface. Finally, conducting regular security assessments and plugin vulnerability scans can help detect similar issues proactively.