CVE-2025-4774: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in leap13 Premium Addons for Elementor
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-4774 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Premium Addons for Elementor plugin for WordPress, specifically affecting all versions up to and including 4.11.8. The vulnerability arises from improper input sanitization and output escaping of the 'data-countdown' attribute in the Countdown widget. Authenticated attackers with Contributor-level access or higher can exploit this flaw by injecting malicious scripts into pages via the vulnerable attribute. These scripts are then stored and executed in the context of any user who accesses the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim user. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and impacting confidentiality and integrity with a scope change. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation, a common cause of XSS issues. Given that Elementor is a widely used WordPress page builder and Premium Addons is a popular extension, the vulnerability poses a significant risk to websites using these components, especially those allowing multiple users with contributor or higher roles to edit content.
Potential Impact
For European organizations, this vulnerability can lead to several security risks. Exploitation could allow attackers to execute arbitrary JavaScript in the context of the affected website, potentially stealing session cookies, redirecting users to malicious sites, or performing unauthorized actions on behalf of legitimate users. This is particularly concerning for organizations that rely on WordPress sites for customer interaction, e-commerce, or internal portals where contributor-level access is granted to multiple users. The confidentiality of user data could be compromised, and the integrity of website content could be undermined, damaging organizational reputation and trust. Additionally, the scope change in the CVSS vector suggests that the vulnerability could affect resources beyond the initially vulnerable component, potentially impacting other parts of the website or connected systems. Given the widespread use of WordPress and Elementor in Europe, especially among SMEs and digital agencies, the risk of targeted exploitation or automated attacks could increase if the vulnerability becomes publicly known or exploited.
Mitigation Recommendations
Organizations should immediately audit their WordPress installations to identify the use of Premium Addons for Elementor, particularly versions up to 4.11.8. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict Contributor-level and higher permissions to trusted users only, minimizing the risk of malicious script injection. 2) Implement Web Application Firewall (WAF) rules that detect and block suspicious payloads targeting the 'data-countdown' attribute or typical XSS attack patterns. 3) Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and limit the domains from which scripts can be loaded, reducing the impact of injected scripts. 4) Regularly monitor website content for unexpected changes or injected scripts, using automated scanning tools specialized in detecting stored XSS. 5) Educate content editors about the risks of inserting untrusted content and enforce strict input validation on any custom forms or widgets. 6) Plan for timely updates to the plugin once a patch is available, and test updates in a staging environment to avoid service disruption. 7) Consider temporarily disabling or replacing the vulnerable widget if feasible, to eliminate the attack vector.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-4774: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in leap13 Premium Addons for Elementor
Description
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-4774 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Premium Addons for Elementor plugin for WordPress, specifically affecting all versions up to and including 4.11.8. The vulnerability arises from improper input sanitization and output escaping of the 'data-countdown' attribute in the Countdown widget. Authenticated attackers with Contributor-level access or higher can exploit this flaw by injecting malicious scripts into pages via the vulnerable attribute. These scripts are then stored and executed in the context of any user who accesses the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim user. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (Contributor or above), no user interaction, and impacting confidentiality and integrity with a scope change. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is classified under CWE-79, which relates to improper neutralization of input during web page generation, a common cause of XSS issues. Given that Elementor is a widely used WordPress page builder and Premium Addons is a popular extension, the vulnerability poses a significant risk to websites using these components, especially those allowing multiple users with contributor or higher roles to edit content.
Potential Impact
For European organizations, this vulnerability can lead to several security risks. Exploitation could allow attackers to execute arbitrary JavaScript in the context of the affected website, potentially stealing session cookies, redirecting users to malicious sites, or performing unauthorized actions on behalf of legitimate users. This is particularly concerning for organizations that rely on WordPress sites for customer interaction, e-commerce, or internal portals where contributor-level access is granted to multiple users. The confidentiality of user data could be compromised, and the integrity of website content could be undermined, damaging organizational reputation and trust. Additionally, the scope change in the CVSS vector suggests that the vulnerability could affect resources beyond the initially vulnerable component, potentially impacting other parts of the website or connected systems. Given the widespread use of WordPress and Elementor in Europe, especially among SMEs and digital agencies, the risk of targeted exploitation or automated attacks could increase if the vulnerability becomes publicly known or exploited.
Mitigation Recommendations
Organizations should immediately audit their WordPress installations to identify the use of Premium Addons for Elementor, particularly versions up to 4.11.8. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict Contributor-level and higher permissions to trusted users only, minimizing the risk of malicious script injection. 2) Implement Web Application Firewall (WAF) rules that detect and block suspicious payloads targeting the 'data-countdown' attribute or typical XSS attack patterns. 3) Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and limit the domains from which scripts can be loaded, reducing the impact of injected scripts. 4) Regularly monitor website content for unexpected changes or injected scripts, using automated scanning tools specialized in detecting stored XSS. 5) Educate content editors about the risks of inserting untrusted content and enforce strict input validation on any custom forms or widgets. 6) Plan for timely updates to the plugin once a patch is available, and test updates in a staging environment to avoid service disruption. 7) Consider temporarily disabling or replacing the vulnerable widget if feasible, to eliminate the attack vector.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-15T13:39:53.432Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68487f561b0bd07c3938a577
Added to database: 6/10/2025, 6:54:14 PM
Last enriched: 7/11/2025, 1:05:19 AM
Last updated: 8/16/2025, 1:21:21 PM
Views: 12
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.