CVE-2025-5944 is a stored Cross-Site Scripting vulnerability classified under CWE-79, found in the Element Pack Addons for Elementor plugin for WordPress, specifically affecting all versions up to and including 8.0.0. The vulnerability stems from insufficient input sanitization and output escaping of the 'data-caption' attribute used within the plugin's web page generation process. Authenticated attackers with Contributor-level privileges or higher can exploit this flaw by injecting arbitrary JavaScript code into the 'data-caption' attribute of pages or posts. Because the injected scripts are stored persistently, they execute automatically whenever any user accesses the affected page, potentially compromising user sessions, stealing cookies, or performing actions on behalf of users. The vulnerability does not require user interaction beyond page access, and the attack scope is limited to sites using the vulnerable plugin version. The CVSS 3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and privileges required. No patches or official fixes are currently linked, and no known exploits have been reported in the wild. This vulnerability highlights the risks of improper input handling in widely used WordPress plugins and the importance of strict sanitization and escaping in web application development.

The impact of CVE-2025-5944 is significant for organizations running WordPress sites with the vulnerable Element Pack Addons for Elementor plugin. Successful exploitation allows attackers with Contributor-level access to inject persistent malicious scripts, which execute in the context of any user visiting the compromised pages. This can lead to session hijacking, theft of sensitive information such as authentication cookies, unauthorized actions performed on behalf of users, and potential defacement or redirection attacks. While the vulnerability does not directly affect availability, the compromise of user credentials and site integrity can cause reputational damage, loss of customer trust, and potential regulatory consequences if user data is exposed. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially on sites with multiple contributors or where account compromise is possible. Given the widespread use of WordPress and Elementor plugins globally, many organizations, including small businesses, media sites, and e-commerce platforms, could be affected if they do not update or mitigate this vulnerability promptly.

To mitigate CVE-2025-5944, organizations should first verify if their WordPress installations use the Element Pack Addons for Elementor plugin at version 8.0.0 or earlier. Immediate steps include: 1) Updating the plugin to a patched version once available from the vendor or bdthemes; 2) If no patch is available, temporarily disabling the plugin or restricting Contributor-level user capabilities to prevent script injection; 3) Implementing a Web Application Firewall (WAF) with custom rules to detect and block suspicious payloads targeting the 'data-caption' attribute; 4) Conducting a thorough audit of user roles and permissions to minimize the number of users with Contributor or higher access; 5) Scanning existing content for injected scripts and cleaning affected pages; 6) Employing Content Security Policy (CSP) headers to restrict script execution sources; 7) Educating site administrators and contributors about safe content practices and the risks of XSS. These targeted actions go beyond generic advice by focusing on access control, content review, and layered defenses specific to this vulnerability.