CVE-2025-5292: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bdthemes Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5292 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Element Pack Addons for Elementor' WordPress plugin, developed by bdthemes. This plugin provides a suite of ready templates, blocks, widgets, and WooCommerce builder features to enhance Elementor-based websites. The vulnerability arises from improper neutralization of input during web page generation, specifically via the 'marker_content' parameter. In all plugin versions up to and including 5.11.2, insufficient input sanitization and output escaping allow authenticated users with Contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because this is a stored XSS, the malicious script is saved on the server and executed whenever any user accesses the compromised page. The CVSS 3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change with limited confidentiality and integrity impact but no availability impact. Exploitation does not require user interaction but does require authenticated access with contributor or higher privileges, which are common roles in WordPress multi-user environments. The vulnerability can lead to session hijacking, privilege escalation, defacement, or distribution of malware through injected scripts. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was published on May 31, 2025, with the CWE-79 classification indicating improper input neutralization during web page generation.
Potential Impact
For European organizations using WordPress websites enhanced with the Element Pack Addons for Elementor plugin, this vulnerability poses a significant risk. Many European businesses, including e-commerce, media, and service providers, rely on WordPress and Elementor for their web presence. An attacker with contributor-level access could inject malicious scripts that execute in the browsers of site visitors or administrators, potentially leading to credential theft, unauthorized actions, or spreading malware. This can damage brand reputation, lead to data breaches involving customer information, and cause regulatory compliance issues under GDPR due to unauthorized data exposure or processing. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the attacker’s privileges, increasing risk. Since contributor roles are often assigned to content creators or editors, insider threats or compromised accounts could be leveraged to exploit this vulnerability. The lack of user interaction needed means that any visitor to the infected page could be affected silently. Although no known exploits are reported yet, the medium severity and ease of exploitation by authenticated users make it a credible threat vector for European organizations with multi-user WordPress sites.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Element Pack Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, organizations should restrict contributor-level access to trusted users only, enforce strong authentication mechanisms including multi-factor authentication, and monitor user activities for suspicious behavior. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'marker_content' parameter can provide temporary protection. Content Security Policy (CSP) headers should be configured to limit the execution of unauthorized scripts. Regular backups of website data and code should be maintained to enable quick restoration if an injection occurs. Organizations should also consider disabling or removing the plugin if it is not essential. Once a patch is available, prompt application of updates is critical. Additionally, security teams should conduct thorough scanning for injected scripts and review logs for anomalous contributor activity. User education on phishing and credential security can reduce the risk of account compromise leading to exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Ireland
CVE-2025-5292: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bdthemes Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder
Description
The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-5292 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Element Pack Addons for Elementor' WordPress plugin, developed by bdthemes. This plugin provides a suite of ready templates, blocks, widgets, and WooCommerce builder features to enhance Elementor-based websites. The vulnerability arises from improper neutralization of input during web page generation, specifically via the 'marker_content' parameter. In all plugin versions up to and including 5.11.2, insufficient input sanitization and output escaping allow authenticated users with Contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because this is a stored XSS, the malicious script is saved on the server and executed whenever any user accesses the compromised page. The CVSS 3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change with limited confidentiality and integrity impact but no availability impact. Exploitation does not require user interaction but does require authenticated access with contributor or higher privileges, which are common roles in WordPress multi-user environments. The vulnerability can lead to session hijacking, privilege escalation, defacement, or distribution of malware through injected scripts. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was published on May 31, 2025, with the CWE-79 classification indicating improper input neutralization during web page generation.
Potential Impact
For European organizations using WordPress websites enhanced with the Element Pack Addons for Elementor plugin, this vulnerability poses a significant risk. Many European businesses, including e-commerce, media, and service providers, rely on WordPress and Elementor for their web presence. An attacker with contributor-level access could inject malicious scripts that execute in the browsers of site visitors or administrators, potentially leading to credential theft, unauthorized actions, or spreading malware. This can damage brand reputation, lead to data breaches involving customer information, and cause regulatory compliance issues under GDPR due to unauthorized data exposure or processing. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the attacker’s privileges, increasing risk. Since contributor roles are often assigned to content creators or editors, insider threats or compromised accounts could be leveraged to exploit this vulnerability. The lack of user interaction needed means that any visitor to the infected page could be affected silently. Although no known exploits are reported yet, the medium severity and ease of exploitation by authenticated users make it a credible threat vector for European organizations with multi-user WordPress sites.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify if the Element Pack Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, organizations should restrict contributor-level access to trusted users only, enforce strong authentication mechanisms including multi-factor authentication, and monitor user activities for suspicious behavior. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'marker_content' parameter can provide temporary protection. Content Security Policy (CSP) headers should be configured to limit the execution of unauthorized scripts. Regular backups of website data and code should be maintained to enable quick restoration if an injection occurs. Organizations should also consider disabling or removing the plugin if it is not essential. Once a patch is available, prompt application of updates is critical. Additionally, security teams should conduct thorough scanning for injected scripts and review logs for anomalous contributor activity. User education on phishing and credential security can reduce the risk of account compromise leading to exploitation.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-27T23:25:25.164Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683aa517182aa0cae2d47e33
Added to database: 5/31/2025, 6:43:35 AM
Last enriched: 7/8/2025, 1:26:47 PM
Last updated: 8/15/2025, 9:07:01 AM
Views: 17
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.