CVE-2025-60112 is a stored Cross-site Scripting (XSS) vulnerability identified in the aThemes Addons for Elementor plugin developed by Syed Balkhi. This plugin extends the Elementor page builder functionality for WordPress sites. The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. Specifically, the plugin fails to adequately sanitize or encode user-supplied input before rendering it on web pages, allowing malicious actors to inject and store malicious scripts. When other users or administrators view the affected pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, credential theft, defacement, or further exploitation of the victim's environment. The vulnerability affects all versions of aThemes Addons for Elementor up to and including version 1.1.3. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) shows that the attack can be performed remotely over the network with low attack complexity, requires low privileges, and user interaction is needed. The scope is changed, meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes limited confidentiality, integrity, and availability losses. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. This vulnerability is significant because Elementor and its addons are widely used in WordPress-powered websites, which are prevalent globally, including Europe. Stored XSS vulnerabilities are particularly dangerous as they persist on the server and affect multiple users, increasing the attack surface and potential damage.

For European organizations, this vulnerability poses a tangible risk, especially for businesses and institutions relying on WordPress websites enhanced with the aThemes Addons for Elementor plugin. Exploitation could lead to unauthorized access to user sessions, theft of sensitive data such as login credentials or personal information, and potential defacement or manipulation of website content. This can damage brand reputation, lead to regulatory non-compliance (e.g., GDPR violations due to data leakage), and cause operational disruptions. Organizations in sectors such as e-commerce, finance, education, and government, which often use WordPress for public-facing sites, are particularly vulnerable. The requirement for low privileges and user interaction means that attackers might leverage social engineering or compromised user accounts to exploit the vulnerability. The changed scope indicates that the impact could extend beyond the plugin itself, potentially affecting other components or users within the web application environment. Given the widespread use of Elementor in Europe, the vulnerability could affect a large number of websites, increasing the risk of widespread exploitation if a public exploit emerges.

1. Immediate action should include auditing all WordPress sites for the presence of the aThemes Addons for Elementor plugin and identifying versions up to 1.1.3. 2. Since no official patch links are currently available, organizations should monitor vendor announcements and security advisories closely for updates or patches. 3. In the interim, apply Web Application Firewall (WAF) rules specifically designed to detect and block common XSS payloads targeting this plugin. 4. Implement strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on affected web pages. 5. Conduct thorough input validation and output encoding on any custom code interacting with the plugin to reduce injection risks. 6. Educate users and administrators about the risks of clicking on suspicious links or interacting with untrusted content within the site. 7. Consider temporarily disabling or removing the plugin if it is not critical to operations until a patch is available. 8. Regularly back up website data and configurations to enable rapid recovery in case of compromise. 9. Employ security scanning tools to detect stored XSS vulnerabilities proactively. 10. Review and tighten user privileges to minimize the risk of low-privilege accounts being leveraged for exploitation.