CVE-2025-68532 is a stored Cross-site Scripting (XSS) vulnerability found in the ModelTheme Addons for WPBakery and Elementor WordPress plugins, specifically affecting versions prior to 1.5.6. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious JavaScript code that is stored persistently on the affected website. When other users visit the compromised pages, the malicious script executes in their browsers within the context of the vulnerable site. This can lead to a range of attacks including session hijacking, credential theft, unauthorized actions on behalf of users, and defacement of the website. The vulnerability is particularly dangerous because it is stored XSS, meaning the payload remains on the server and affects all visitors to the infected page. Although the exact authentication requirements are not specified, stored XSS in WordPress plugins often can be exploited by users with low privileges or via publicly accessible input fields, increasing the attack surface. The affected product is widely used in WordPress sites that employ WPBakery and Elementor page builders, which are popular tools for creating and managing website content. No known exploits are currently reported in the wild, but the vulnerability has been publicly disclosed and patched in version 1.5.6 or later. The lack of a CVSS score necessitates an independent severity assessment based on impact and exploitability factors.

For European organizations, this vulnerability poses significant risks to website security and user data confidentiality. Exploitation can lead to theft of session cookies, enabling attackers to impersonate legitimate users, including administrators, potentially resulting in full site compromise. The integrity of website content can be undermined by defacement or injection of malicious content, damaging brand reputation and user trust. Availability could be indirectly affected if attackers use the vulnerability to inject scripts that perform denial-of-service or redirect users to malicious sites. Organizations in sectors such as e-commerce, finance, healthcare, and government are particularly vulnerable due to the sensitive nature of their data and reliance on web presence. Given the widespread use of WordPress and these addons in Europe, the vulnerability could affect a large number of sites, increasing the potential attack surface. Additionally, regulatory frameworks like GDPR impose strict requirements on data protection, and exploitation leading to data breaches could result in legal and financial penalties.

1. Immediately update ModelTheme Addons for WPBakery and Elementor to version 1.5.6 or later once the patch is available to remediate the vulnerability. 2. Implement strict input validation and output encoding on all user-supplied data fields to prevent injection of malicious scripts. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4. Regularly audit and monitor website logs for unusual activities or injection attempts indicative of exploitation. 5. Limit user privileges on WordPress sites to the minimum necessary, reducing the risk of low-privilege users injecting malicious content. 6. Conduct security awareness training for site administrators and developers on secure coding practices and vulnerability management. 7. Use web application firewalls (WAFs) configured to detect and block XSS payloads targeting known vulnerable endpoints. 8. Maintain regular backups of website content to enable quick restoration in case of compromise.