CVE-2025-8445: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in shaikhaezaz80 Countdown Timer for Elementor
The Countdown Timer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'countdown_label' Parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-8445 is a stored Cross-Site Scripting (XSS) vulnerability in the Countdown Timer for Elementor WordPress plugin by shaikhaezaz80. It exists in all versions up to and including 1.3.9 because the value supplied through the 'countdown_label' parameter is neither sanitized when it is saved nor escaped when it is written into the page. An authenticated attacker with at least Contributor-level privileges can store arbitrary JavaScript in this parameter; the script is then served as part of the page markup and executes in the browser of every user who views the page, potentially leading to session hijacking, privilege escalation, or other malicious actions. The weakness is classified as CWE-79, improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.4 (medium severity): network exploitable (AV:N), low attack complexity (AC:L), privileges required (PR:L), no user interaction (UI:N), changed scope (S:C), low confidentiality and integrity impact (C:L/I:L), and no availability impact (A:N). No exploits in the wild have been reported, and no patch has been linked yet. All released versions of the plugin up to and including 1.3.9 are affected; the plugin is an add-on for Elementor, a widely used WordPress page builder.
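The following PHP is an added illustration of the bug class described above; it is not code from the Countdown Timer for Elementor plugin and does not claim to reproduce the plugin's internals. It contrasts a render path that concatenates a stored widget setting straight into HTML with one that escapes at output time, and adds input sanitization on save. The `esc_html()` and `sanitize_text_field()` functions are real WordPress APIs; the fallback definitions, the widget markup, the `render_label_*`/`save_label` names and the sample label are assumptions made so the file runs outside WordPress.

```php
<?php
// Added illustration of CWE-79 in a widget setting, not code from the
// Countdown Timer for Elementor plugin. Function bodies marked as fallbacks
// are simplified stand-ins for the WordPress originals.

// Fallbacks so the file runs outside WordPress; on a real site the versions
// from wp-includes/formatting.php are used instead.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $str ) {
        // Simplified: strip tags, control characters and surrounding whitespace.
        $str = strip_tags( (string) $str );
        $str = preg_replace( '/[\x00-\x1F\x7F]/', '', $str );
        return trim( $str );
    }
}

// Constructed sample of a value a Contributor could save into the setting.
$stored_label = "Sale ends in <script>alert('xss')</script>";

// Unsafe: the stored value is concatenated into HTML verbatim, so any markup
// it carries is parsed by the browser and the script runs for every visitor.
function render_label_unsafe( string $label ): string {
    return '<span class="countdown-label">' . $label . '</span>';
}

// Hardened: esc_html() turns <, >, &, " and ' into entities at output time,
// so the browser displays the text instead of interpreting it as markup.
function render_label_safe( string $label ): string {
    return '<span class="countdown-label">' . esc_html( $label ) . '</span>';
}

// Defence in depth on the write side: sanitize before the value is stored.
// Output escaping is still required, because values can reach the database
// through other paths (imports, other plugins, direct database edits).
function save_label( $raw ): string {
    return sanitize_text_field( $raw );
}

echo render_label_unsafe( $stored_label ), PHP_EOL;
echo render_label_safe( $stored_label ), PHP_EOL;
echo render_label_safe( save_label( $stored_label ) ), PHP_EOL;
```

Run with `php example.php`: the first line carries the live script tag into the markup, the second shows it neutralized into entities, and the third shows what survives when the value was also sanitized on save. Escaping belongs at the output site regardless of what happened on input, which is the half of the fix the advisory's "insufficient output escaping" refers to.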
Potential Impact
For European organizations running WordPress websites with the Countdown Timer for Elementor plugin, this vulnerability poses a significant risk. An attacker with Contributor-level access, a role often granted to content editors and similar staff, can inject scripts that execute in the browsers of site visitors or administrators. This can lead to theft of authentication cookies, unauthorized actions performed on behalf of users, defacement, or distribution of malware. Given the widespread use of WordPress in Europe for corporate, governmental, and e-commerce websites, exploitation could compromise sensitive data, damage brand reputation, and lead to regulatory non-compliance under GDPR if personal data is exposed. The changed scope (S:C) in the CVSS vector reflects that the injected script runs in visitors' browsers, a security authority beyond the vulnerable plugin itself, which increases the potential damage. Although no known exploits are reported yet, the low complexity and the absence of any user-interaction requirement make it likely that attackers could develop exploits quickly once the vulnerability is publicized.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the Countdown Timer for Elementor plugin. Until an official patch is released, administrators should consider disabling or removing the plugin to eliminate the attack surface. Restrict Contributor-level permissions strictly and review user roles to minimize the number of users who can inject content. Implement Web Application Firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the 'countdown_label' parameter. Employ Content Security Policy (CSP) headers to restrict script execution sources, which limits what an injected script can do; note that a restrictive CSP also blocks the site's own inline scripts unless they are accounted for, so roll it out in report-only mode first. Regularly monitor logs for unusual activity related to plugin usage or user input. Once a patch is available, apply it promptly and verify the fix. Additionally, train content contributors to recognise untrusted content, and enforce input validation policies at the application level.
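As an added example of two of the mitigations above (auditing stored content and limiting script sources with CSP), the PHP below is not code from the plugin, Elementor or Wordfence. It assumes that Elementor keeps a page's layout as a JSON tree in the `_elementor_data` post meta with each element's options under a `settings` key; the `widgetType` value, the element ids and the label values are constructed sample data, and `find_unsafe_labels`/`label_looks_unsafe` are names chosen here.

```php
<?php
// Added example (not the plugin's, Elementor's or Wordfence's code): an audit
// helper that flags stored 'countdown_label' values containing markup, plus a
// CSP header hook. Assumption: Elementor stores a page's layout as a JSON tree
// in the '_elementor_data' post meta, each element carrying its options under
// 'settings'. The widgetType, ids and labels below are constructed samples.

// Constructed sample of one page's layout tree (not real site data).
$sample_json = '[{"elType":"section","elements":[{"elType":"column","elements":[
  {"elType":"widget","widgetType":"countdown","id":"a1b2c3",
   "settings":{"countdown_label":"Sale ends in"}},
  {"elType":"widget","widgetType":"countdown","id":"d4e5f6",
   "settings":{"countdown_label":"Hurry <script>alert(1)</script>"}},
  {"elType":"widget","widgetType":"countdown","id":"0f9e8d",
   "settings":{"countdown_label":"Ends <b>soon</b>"}}
]}]}]';

// A value is suspect if it changes under tag stripping (it carried markup) or
// contains fragments that survive stripping yet script when rendered raw.
function label_looks_unsafe( string $value ): bool {
    if ( strip_tags( $value ) !== $value ) {
        return true;
    }
    return 1 === preg_match( '/javascript\s*:|\bon[a-z]+\s*=/i', $value );
}

// Walk the element tree recursively and collect offending widgets.
function find_unsafe_labels( array $elements, string $key = 'countdown_label' ): array {
    $hits = [];
    foreach ( $elements as $el ) {
        $value = $el['settings'][ $key ] ?? null;
        if ( is_string( $value ) && label_looks_unsafe( $value ) ) {
            $hits[] = [
                'id'     => $el['id'] ?? '?',
                'widget' => $el['widgetType'] ?? '?',
                'value'  => $value,
            ];
        }
        if ( ! empty( $el['elements'] ) && is_array( $el['elements'] ) ) {
            $hits = array_merge( $hits, find_unsafe_labels( $el['elements'], $key ) );
        }
    }
    return $hits;
}

$tree = json_decode( $sample_json, true );
foreach ( find_unsafe_labels( $tree ) as $hit ) {
    printf( "widget %s (%s): %s\n", $hit['id'], $hit['widget'], $hit['value'] );
}

// Inside WordPress (for instance from a WP-CLI script) the same walker runs
// once per post over the stored meta:
//   foreach ( get_posts( [ 'post_type' => 'any', 'numberposts' => -1 ] ) as $p ) {
//       $data = get_post_meta( $p->ID, '_elementor_data', true );
//       $tree = is_string( $data ) ? json_decode( $data, true ) : $data;
//       if ( is_array( $tree ) ) { /* report find_unsafe_labels( $tree ) with $p->ID */ }
//   }

// Browser-side limit on impact: a CSP that allows scripts only from the site's
// own origin. Inline scripts from the theme or other plugins are blocked too,
// so trial it as Content-Security-Policy-Report-Only before enforcing.
if ( function_exists( 'add_action' ) ) {
    add_action( 'send_headers', function () {
        header( "Content-Security-Policy: script-src 'self'; object-src 'none'; base-uri 'self'" );
    } );
}
```

Stand-alone, the script reports the two widgets whose labels carry markup (the `<b>` one is benign but still shows that raw HTML reached storage, which the affected versions would render unescaped). The audit is a detection aid for the interim period before a patch; it does not replace updating the plugin once a fixed version is published.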
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-31T19:16:52.623Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c27a22e1c560fa9d94d45b
Added to database: 9/11/2025, 7:28:34 AM
Last enriched: 9/11/2025, 7:36:54 AM
Last updated: 9/11/2025, 7:36:54 AM
Related Threats
- CVE-2025-58321: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Delta Electronics DIALink (Critical)
- CVE-2025-58320: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Delta Electronics DIALink (High)
- CVE-2025-9874: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in webcodingplace Ultimate Classified Listings (High)
- CVE-2025-9861: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in livingos ThemeLoom Widgets (Medium)
- CVE-2025-9860: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in natata7 Mixtape (Medium)