The vulnerability CVE-2025-54704 in hashthemes Easy Elementor Addons (<= 2.2.6) is a DOM-based cross-site scripting issue caused by improper input neutralization during web page generation. This allows an attacker to inject malicious scripts that execute in the victim's browser under certain conditions. The CVSS 3.1 score is 6.5 (medium), reflecting network attack vector, low attack complexity, requiring privileges and user interaction, with partial impact on confidentiality, integrity, and availability. No patch or official remediation guidance is currently available from the vendor or other authoritative sources.

Successful exploitation of this vulnerability could allow an attacker with low privileges and requiring user interaction to execute arbitrary scripts in the context of the affected web application. This may lead to partial disclosure of sensitive information, modification of data, or disruption of service. However, the impact is limited by the need for user interaction and the attacker's privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure by restricting privileges and educating users about the risks of interacting with untrusted content. Monitor vendor channels for updates and apply patches promptly once available.