CVE-2025-14275 is a stored cross-site scripting vulnerability classified under CWE-79, found in the Jeg Kit for Elementor plugin for WordPress, which provides powerful addons, widgets, and templates. The vulnerability affects all versions up to and including 3.0.1. It arises from insufficient sanitization of user input in the countdown widget's redirect functionality. Authenticated users with Contributor-level permissions or higher can exploit this flaw by injecting arbitrary JavaScript code into the countdown widget. This malicious script is stored persistently and executed in the context of any administrator or user who views the page containing the compromised countdown element. The attack vector requires no user interaction beyond viewing the page, and the vulnerability allows for potential compromise of confidentiality and integrity, such as stealing cookies, performing actions on behalf of administrators, or defacing content. The CVSS 3.1 base score is 6.4, reflecting network attack vector, low attack complexity, requiring privileges but no user interaction, and a scope change. No patches or known exploits are currently reported, but the risk remains significant due to the plugin's popularity and the high privileges of affected users.

The impact of this vulnerability is significant for organizations using the Jeg Kit for Elementor plugin on WordPress sites. Since the exploit requires only Contributor-level access, which is commonly granted to content creators or editors, attackers can leverage this to execute persistent malicious scripts affecting administrators and other privileged users. This can lead to session hijacking, unauthorized actions, data theft, or site defacement. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially compromised component, potentially compromising the entire WordPress installation. Organizations with high-traffic or sensitive WordPress sites are at risk of reputational damage, data breaches, and operational disruption if exploited. The absence of known exploits in the wild suggests limited current active exploitation, but the medium severity and ease of exploitation by authenticated users necessitate prompt action.

1. Monitor for plugin updates from the vendor and apply patches immediately once available to address the input sanitization flaw. 2. Until a patch is released, restrict Contributor-level and higher permissions to trusted users only, minimizing the risk of malicious input injection. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious JavaScript payloads or unusual redirect parameters in requests related to the countdown widget. 4. Conduct regular security audits and code reviews of installed plugins to identify and remediate similar input validation issues. 5. Educate content contributors about the risks of injecting untrusted content and enforce strict content submission policies. 6. Enable logging and monitoring for unusual administrator activity or unexpected page content changes to detect exploitation attempts early. 7. Consider disabling or removing the countdown widget if it is not essential, reducing the attack surface.