Skip to main content

CVE-2025-5292: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bdthemes Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder

Medium
VulnerabilityCVE-2025-5292cvecve-2025-5292cwe-79
Published: Sat May 31 2025 (05/31/2025, 06:40:57 UTC)
Source: CVE Database V5
Vendor/Project: bdthemes
Product: Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder

Description

The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI-Powered Analysis

AILast updated: 07/08/2025, 13:26:47 UTC

Technical Analysis

CVE-2025-5292 is a stored Cross-Site Scripting (XSS) vulnerability affecting the 'Element Pack Addons for Elementor' WordPress plugin, developed by bdthemes. This plugin provides a suite of ready templates, blocks, widgets, and WooCommerce builder features to enhance Elementor-based websites. The vulnerability arises from improper neutralization of input during web page generation, specifically via the 'marker_content' parameter. In all plugin versions up to and including 5.11.2, insufficient input sanitization and output escaping allow authenticated users with Contributor-level privileges or higher to inject arbitrary JavaScript code into pages. Because this is a stored XSS, the malicious script is saved on the server and executed whenever any user accesses the compromised page. The CVSS 3.1 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change with limited confidentiality and integrity impact but no availability impact. Exploitation does not require user interaction but does require authenticated access with contributor or higher privileges, which are common roles in WordPress multi-user environments. The vulnerability can lead to session hijacking, privilege escalation, defacement, or distribution of malware through injected scripts. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was published on May 31, 2025, with the CWE-79 classification indicating improper input neutralization during web page generation.

Potential Impact

For European organizations using WordPress websites enhanced with the Element Pack Addons for Elementor plugin, this vulnerability poses a significant risk. Many European businesses, including e-commerce, media, and service providers, rely on WordPress and Elementor for their web presence. An attacker with contributor-level access could inject malicious scripts that execute in the browsers of site visitors or administrators, potentially leading to credential theft, unauthorized actions, or spreading malware. This can damage brand reputation, lead to data breaches involving customer information, and cause regulatory compliance issues under GDPR due to unauthorized data exposure or processing. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the attacker’s privileges, increasing risk. Since contributor roles are often assigned to content creators or editors, insider threats or compromised accounts could be leveraged to exploit this vulnerability. The lack of user interaction needed means that any visitor to the infected page could be affected silently. Although no known exploits are reported yet, the medium severity and ease of exploitation by authenticated users make it a credible threat vector for European organizations with multi-user WordPress sites.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify if the Element Pack Addons for Elementor plugin is installed and determine the version in use. Until an official patch is released, organizations should restrict contributor-level access to trusted users only, enforce strong authentication mechanisms including multi-factor authentication, and monitor user activities for suspicious behavior. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'marker_content' parameter can provide temporary protection. Content Security Policy (CSP) headers should be configured to limit the execution of unauthorized scripts. Regular backups of website data and code should be maintained to enable quick restoration if an injection occurs. Organizations should also consider disabling or removing the plugin if it is not essential. Once a patch is available, prompt application of updates is critical. Additionally, security teams should conduct thorough scanning for injected scripts and review logs for anomalous contributor activity. User education on phishing and credential security can reduce the risk of account compromise leading to exploitation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-05-27T23:25:25.164Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683aa517182aa0cae2d47e33

Added to database: 5/31/2025, 6:43:35 AM

Last enriched: 7/8/2025, 1:26:47 PM

Last updated: 8/15/2025, 7:06:04 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats