CVE-2025-6550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in webangon The Pack Elementor addon
The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-6550 is a stored Cross-Site Scripting (XSS) vulnerability identified in the 'The Pack Elementor addon' plugin for WordPress, developed by webangon. This vulnerability affects all versions up to and including 2.1.4. The root cause is insufficient input sanitization and output escaping of the 'slider_options' parameter, which allows an authenticated attacker with Contributor-level access or higher to inject arbitrary malicious scripts into pages generated by the plugin. These scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim user. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating a failure to properly sanitize user-supplied input before rendering it in web pages. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no patches have been linked yet. However, the vulnerability poses a significant risk in environments where multiple users have Contributor or higher roles, as it can be leveraged to compromise other users' accounts or site integrity through malicious script execution.
Potential Impact
For European organizations, especially those relying on WordPress websites with the Elementor page builder and the vulnerable 'The Pack Elementor addon', this vulnerability presents a moderate risk. Stored XSS can lead to theft of session cookies, enabling attackers to impersonate users, including administrators, potentially resulting in unauthorized access to sensitive data or site control. This can damage organizational reputation, lead to data breaches involving personal data protected under GDPR, and cause operational disruptions. The requirement for Contributor-level access limits exploitation to insiders or compromised accounts, but many organizations grant such privileges to multiple users, increasing risk. The scope change in the vulnerability means that the impact can extend beyond the plugin itself, potentially affecting the entire website and its users. European organizations with public-facing WordPress sites used for e-commerce, customer engagement, or internal portals are particularly at risk. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
1. Immediate review and restriction of user roles: Limit Contributor-level and higher privileges to trusted personnel only, and audit existing user accounts for unnecessary elevated permissions. 2. Implement strict input validation and output encoding: Until an official patch is released, apply custom filters or security plugins that sanitize the 'slider_options' parameter inputs and escape outputs to prevent script injection. 3. Monitor website content for unauthorized script injections: Use web application firewalls (WAFs) with XSS detection capabilities and regularly scan the site for malicious scripts or anomalies. 4. Keep WordPress core, themes, and plugins updated: Monitor vendor announcements for patches to 'The Pack Elementor addon' and apply updates promptly once available. 5. Employ Content Security Policy (CSP) headers: Configure CSP to restrict execution of inline scripts and loading of untrusted resources, mitigating the impact of injected scripts. 6. Educate users with elevated privileges about phishing and credential security to reduce risk of account compromise. 7. Backup website data regularly to enable quick restoration if exploitation occurs.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-6550: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in webangon The Pack Elementor addon
Description
The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_options’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI-Powered Analysis
Technical Analysis
CVE-2025-6550 is a stored Cross-Site Scripting (XSS) vulnerability identified in the 'The Pack Elementor addon' plugin for WordPress, developed by webangon. This vulnerability affects all versions up to and including 2.1.4. The root cause is insufficient input sanitization and output escaping of the 'slider_options' parameter, which allows an authenticated attacker with Contributor-level access or higher to inject arbitrary malicious scripts into pages generated by the plugin. These scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions on behalf of the victim user. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating a failure to properly sanitize user-supplied input before rendering it in web pages. The CVSS v3.1 base score is 6.4 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, requiring privileges (Contributor or above), no user interaction, and a scope change, meaning the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no patches have been linked yet. However, the vulnerability poses a significant risk in environments where multiple users have Contributor or higher roles, as it can be leveraged to compromise other users' accounts or site integrity through malicious script execution.
Potential Impact
For European organizations, especially those relying on WordPress websites with the Elementor page builder and the vulnerable 'The Pack Elementor addon', this vulnerability presents a moderate risk. Stored XSS can lead to theft of session cookies, enabling attackers to impersonate users, including administrators, potentially resulting in unauthorized access to sensitive data or site control. This can damage organizational reputation, lead to data breaches involving personal data protected under GDPR, and cause operational disruptions. The requirement for Contributor-level access limits exploitation to insiders or compromised accounts, but many organizations grant such privileges to multiple users, increasing risk. The scope change in the vulnerability means that the impact can extend beyond the plugin itself, potentially affecting the entire website and its users. European organizations with public-facing WordPress sites used for e-commerce, customer engagement, or internal portals are particularly at risk. The absence of known exploits in the wild suggests a window for proactive mitigation before widespread attacks occur.
Mitigation Recommendations
1. Immediate review and restriction of user roles: Limit Contributor-level and higher privileges to trusted personnel only, and audit existing user accounts for unnecessary elevated permissions. 2. Implement strict input validation and output encoding: Until an official patch is released, apply custom filters or security plugins that sanitize the 'slider_options' parameter inputs and escape outputs to prevent script injection. 3. Monitor website content for unauthorized script injections: Use web application firewalls (WAFs) with XSS detection capabilities and regularly scan the site for malicious scripts or anomalies. 4. Keep WordPress core, themes, and plugins updated: Monitor vendor announcements for patches to 'The Pack Elementor addon' and apply updates promptly once available. 5. Employ Content Security Policy (CSP) headers: Configure CSP to restrict execution of inline scripts and loading of untrusted resources, mitigating the impact of injected scripts. 6. Educate users with elevated privileges about phishing and credential security to reduce risk of account compromise. 7. Backup website data regularly to enable quick restoration if exploitation occurs.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-23T20:02:33.314Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 685e499eca1063fb87560139
Added to database: 6/27/2025, 7:34:54 AM
Last enriched: 7/14/2025, 9:10:18 PM
Last updated: 8/16/2025, 6:35:15 PM
Views: 38
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.