CVE-2025-6252: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in qodeinteractive Qi Addons For Elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-6252 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Qi Addons For Elementor plugin for WordPress, developed by qodeinteractive. This vulnerability affects all versions up to and including 1.9.1. The root cause is improper neutralization of input during web page generation (CWE-79), specifically due to insufficient input sanitization and output escaping of several parameters. An authenticated attacker with Contributor-level access or higher can exploit this flaw by injecting arbitrary malicious scripts into pages managed by the plugin. These scripts are then stored persistently and executed in the browsers of any users who visit the compromised pages, potentially leading to session hijacking, privilege escalation, unauthorized actions on behalf of users, or distribution of malware. The vulnerability does not require user interaction to trigger once the malicious script is injected, and it affects the confidentiality and integrity of user data. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network, low attack complexity, privileges required at the contributor level, no user interaction needed, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable plugin. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was published on June 28, 2025, and assigned by Wordfence.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially to those using WordPress websites with the Qi Addons For Elementor plugin installed. Since WordPress powers a large portion of websites globally, including in Europe, and Elementor is a popular page builder, many organizations could be affected. The ability for an attacker with contributor-level access to inject persistent scripts can lead to data breaches, theft of user credentials, defacement of websites, and erosion of customer trust. This is particularly critical for e-commerce, government, healthcare, and financial sector websites where sensitive personal and transactional data is processed. The scope change in the CVSS vector suggests that the vulnerability could impact other components or users beyond the initial plugin context, increasing the risk of widespread compromise. Additionally, the stored nature of the XSS means that the malicious payload can affect multiple users over time without repeated exploitation. Given the medium severity, the impact is non-trivial but not immediately catastrophic; however, the potential for chained attacks or further exploitation elevates the risk profile for European entities reliant on this plugin.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the Qi Addons For Elementor plugin and determine the version in use. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict Contributor-level access strictly to trusted users and review user roles to minimize unnecessary privileges. 2) Implement Web Application Firewall (WAF) rules that detect and block common XSS payload patterns targeting the affected parameters. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites. 4) Conduct thorough input validation and output encoding on any custom code interacting with the plugin or its parameters. 5) Monitor website content for unauthorized script injections and unusual user activity. 6) Plan for rapid deployment of patches once available and test updates in staging environments before production rollout. 7) Educate content contributors about the risks of injecting untrusted content and enforce strict content moderation policies. These measures go beyond generic advice by focusing on access control, proactive detection, and layered defenses tailored to the plugin’s exploitation vector.
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
CVE-2025-6252: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in qodeinteractive Qi Addons For Elementor
Description
The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-6252 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Qi Addons For Elementor plugin for WordPress, developed by qodeinteractive. This vulnerability affects all versions up to and including 1.9.1. The root cause is improper neutralization of input during web page generation (CWE-79), specifically due to insufficient input sanitization and output escaping of several parameters. An authenticated attacker with Contributor-level access or higher can exploit this flaw by injecting arbitrary malicious scripts into pages managed by the plugin. These scripts are then stored persistently and executed in the browsers of any users who visit the compromised pages, potentially leading to session hijacking, privilege escalation, unauthorized actions on behalf of users, or distribution of malware. The vulnerability does not require user interaction to trigger once the malicious script is injected, and it affects the confidentiality and integrity of user data. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network, low attack complexity, privileges required at the contributor level, no user interaction needed, and a scope change indicating that the vulnerability affects components beyond the initially vulnerable plugin. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was published on June 28, 2025, and assigned by Wordfence.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially to those using WordPress websites with the Qi Addons For Elementor plugin installed. Since WordPress powers a large portion of websites globally, including in Europe, and Elementor is a popular page builder, many organizations could be affected. The ability for an attacker with contributor-level access to inject persistent scripts can lead to data breaches, theft of user credentials, defacement of websites, and erosion of customer trust. This is particularly critical for e-commerce, government, healthcare, and financial sector websites where sensitive personal and transactional data is processed. The scope change in the CVSS vector suggests that the vulnerability could impact other components or users beyond the initial plugin context, increasing the risk of widespread compromise. Additionally, the stored nature of the XSS means that the malicious payload can affect multiple users over time without repeated exploitation. Given the medium severity, the impact is non-trivial but not immediately catastrophic; however, the potential for chained attacks or further exploitation elevates the risk profile for European entities reliant on this plugin.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the Qi Addons For Elementor plugin and determine the version in use. Until an official patch is released, the following specific mitigations are recommended: 1) Restrict Contributor-level access strictly to trusted users and review user roles to minimize unnecessary privileges. 2) Implement Web Application Firewall (WAF) rules that detect and block common XSS payload patterns targeting the affected parameters. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected sites. 4) Conduct thorough input validation and output encoding on any custom code interacting with the plugin or its parameters. 5) Monitor website content for unauthorized script injections and unusual user activity. 6) Plan for rapid deployment of patches once available and test updates in staging environments before production rollout. 7) Educate content contributors about the risks of injecting untrusted content and enforce strict content moderation policies. These measures go beyond generic advice by focusing on access control, proactive detection, and layered defenses tailored to the plugin’s exploitation vector.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-18T19:37:05.618Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 685f72006f40f0eb726a8628
Added to database: 6/28/2025, 4:39:28 AM
Last enriched: 6/28/2025, 4:54:26 AM
Last updated: 7/1/2025, 11:54:01 AM
Views: 7
Related Threats
CVE-2025-6297: Vulnerability in Debian dpkg
HighCVE-2025-37099: Vulnerability in Hewlett Packard Enterprise Insight Remote Support
HighCVE-2025-6963: SQL Injection in Campcodes Employee Management System
MediumCVE-2025-6962: SQL Injection in Campcodes Employee Management System
MediumCVE-2025-6961: SQL Injection in Campcodes Employee Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.