CVE-2025-8199 is a stored Cross-Site Scripting vulnerability classified under CWE-79, found in the Marquee Addons for Elementor – Advanced Elements & Modern Motion Widgets WordPress plugin developed by debuggersstudio. The flaw resides in the Testimonial Marquee widget, where user-supplied attributes are not properly sanitized or escaped before being rendered on web pages. This allows authenticated users with contributor-level privileges or higher to inject arbitrary JavaScript code that is persistently stored and executed in the context of any user viewing the affected page. The vulnerability affects all versions up to and including 2.4.3. Exploitation requires network access and authenticated contributor-level privileges but does not require user interaction to trigger the malicious script once injected. The CVSS v3.1 base score is 6.4, reflecting a medium severity with a vector indicating network attack vector, low attack complexity, privileges required, no user interaction, and a scope change. The impact includes potential confidentiality and integrity breaches such as session hijacking, credential theft, or unauthorized actions performed on behalf of users. No patches or official fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability is significant for WordPress sites using this plugin, especially those with multiple contributors or public-facing testimonial widgets.

For European organizations, this vulnerability poses a moderate risk primarily to websites running WordPress with the vulnerable Marquee Addons plugin installed. Exploitation could lead to unauthorized script execution, enabling attackers to steal session cookies, perform actions on behalf of users, or deface websites, thereby damaging reputation and potentially exposing sensitive user data. Organizations in sectors such as e-commerce, media, education, and government that rely on WordPress for public-facing content and allow contributor-level access to multiple users are particularly at risk. The confidentiality and integrity of user data and site content are at risk, though availability is not directly impacted. Given the widespread use of WordPress in Europe and the popularity of Elementor and its addons, the potential attack surface is substantial. The requirement for contributor-level authentication limits exposure somewhat but does not eliminate risk, especially in environments with many contributors or weak internal access controls.

European organizations should immediately audit their WordPress installations to identify the presence of the Marquee Addons for Elementor plugin and verify the version in use. If running version 2.4.3 or earlier, they should upgrade to the latest patched version once available or apply any vendor-provided patches. In the absence of official patches, organizations should consider temporarily disabling the Testimonial Marquee widget or the entire plugin to mitigate risk. Implement strict access controls to limit contributor-level privileges only to trusted users and enforce strong authentication mechanisms such as multi-factor authentication. Additionally, deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injection attempts targeting the vulnerable widget parameters. Regularly monitor logs for unusual activity related to testimonial content updates. Educate content contributors about the risks of injecting untrusted content and enforce input validation policies. Finally, maintain an incident response plan to quickly address any exploitation attempts.