CVE-2025-30800 identifies a stored cross-site scripting (XSS) vulnerability in the Atawai Gum Elementor Addon, a plugin designed to extend Elementor functionality in WordPress environments. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious scripts to be stored persistently within the application. When a victim accesses a page containing the injected script, the malicious payload executes in their browser context. This can lead to theft of session cookies, user impersonation, defacement of websites, or distribution of malware. The affected versions include all releases up to and including 1.3.10. No CVSS score has been assigned yet, and no public exploits have been reported. However, stored XSS vulnerabilities are typically easy to exploit and can have widespread impact, especially on sites with high user interaction or administrative access. The vulnerability does not require authentication or user interaction beyond visiting a compromised page, increasing its risk profile. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts by administrators. The vulnerability is tracked by Patchstack and was published on March 27, 2025.

The impact of CVE-2025-30800 is significant for organizations using the Gum Elementor Addon in their WordPress sites. Successful exploitation allows attackers to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, credential theft, unauthorized actions on behalf of users, and website defacement. For organizations, this can result in data breaches, loss of customer trust, reputational damage, and potential regulatory penalties if sensitive data is compromised. The stored nature of the XSS means the malicious script persists and can affect multiple users over time. Attackers could also leverage this vulnerability to deliver further malware or pivot to other internal systems. Given the widespread use of WordPress and Elementor plugins globally, the scope of affected systems is broad, increasing the potential scale of impact. The absence of authentication requirements and ease of exploitation further elevate the threat level.

To mitigate CVE-2025-30800, organizations should take the following specific actions: 1) Immediately audit all instances of the Gum Elementor Addon and identify affected versions (<= 1.3.10). 2) Apply vendor-provided patches or updates as soon as they become available; monitor Atawai's official channels for releases. 3) In the absence of patches, implement strict input validation and output encoding on all user-supplied data within the addon’s functionality to neutralize malicious scripts. 4) Deploy or update Web Application Firewalls (WAFs) with rules specifically targeting stored XSS payloads related to this addon. 5) Conduct thorough security reviews and penetration testing focusing on XSS vectors in the affected environments. 6) Educate site administrators and users about the risks of clicking suspicious links or interacting with untrusted content on affected sites. 7) Consider temporarily disabling or replacing the Gum Elementor Addon if immediate patching is not feasible. 8) Monitor logs and user reports for signs of exploitation or unusual activity related to XSS attacks.