CVE-2025-67951 in Addons for Elementor Plugin
Summary
by MITRE • 12/16/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS. This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10.
Analysis
by VulDB Data Team • 12/16/2025
This vulnerability represents a critical cross-site scripting flaw that specifically targets the WPZOOM Addons for Elementor plugin, a popular WordPress extension that enhances Elementor page builder functionality. The issue manifests as a DOM-based XSS vulnerability, which means that malicious scripts can be injected into web pages through the manipulation of the Document Object Model rather than traditional server-side input handling. This particular vulnerability exists within the wpzoom-elementor-addons plugin and impacts versions ranging from the initial release through version 1.2.10, indicating a significant attack surface that has remained unpatched for an extended period. The vulnerability occurs during the web page generation process when input data is not properly sanitized or neutralized before being rendered in the browser environment.
The technical flaw stems from insufficient input validation and sanitization mechanisms within the plugin's codebase, particularly in how it processes user-supplied data that gets incorporated into dynamic web page elements. When users interact with the Elementor editor or view pages that utilize WPZOOM Addons functionality, the plugin fails to adequately escape or filter potentially malicious input that could contain script tags or other harmful code sequences. This DOM-based nature means that the attack vector operates entirely within the browser context, leveraging the fact that the plugin does not properly handle or sanitize data that flows through the DOM structure. The vulnerability is particularly dangerous because it can be exploited without requiring direct database access or server-side code execution, making it accessible to attackers who can manipulate the plugin's behavior through crafted user input.
The operational impact of this vulnerability is severe and multifaceted, as it allows attackers to execute arbitrary JavaScript code in the browser of any user who visits affected pages. This could enable session hijacking, credential theft, redirection to malicious sites, or the execution of additional attacks through the compromised user's browser. The vulnerability affects not only the plugin's administrators but also end-users who might encounter malicious content while browsing pages that utilize the affected functionality. Attackers could leverage this flaw to inject malicious scripts that persist across user sessions, potentially leading to long-term compromise of user accounts and sensitive data exposure. The widespread use of Elementor and its addons makes this vulnerability particularly attractive to threat actors who can exploit it across numerous WordPress installations simultaneously.
Security mitigation strategies should prioritize immediate patching of the vulnerable plugin to version 1.2.11 or later, as this would address the root cause of the input sanitization issues. Organizations should also implement comprehensive input validation measures at multiple layers, including client-side filtering and server-side sanitization of all user-provided data. Network-level protections such as content security policies and web application firewalls can provide additional defense-in-depth measures to detect and block malicious script injection attempts. The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in web applications, and maps to ATT&CK technique T1566.001 for initial access through malicious web content. Regular security auditing of third-party plugins, maintaining updated security tooling, and implementing proper input sanitization practices throughout the application lifecycle are essential measures to prevent similar vulnerabilities from occurring in the future.
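To act on the patching advice above, the following added example (not code from VulDB, MITRE or WPZOOM) audits WordPress installations for a wpzoom-elementor-addons version inside the affected range. It assumes the default `wp-content/plugins/<slug>/` layout and reads the version from the plugin header comment the way WordPress does; the function names and status labels are illustrative.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "wpzoom-elementor-addons"  # plugin slug named in the advisory
LAST_AFFECTED = (1, 2, 10)               # advisory: affected "through <= 1.2.10"
HEADER_BYTES = 8192                      # WordPress reads plugin headers from the first 8 KB
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*\S", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)


def parse_version(text):
    """'1.2.10' or '1.2.10-beta' -> (1, 2, 10); None if there is no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    parts = [int(p) for p in m.group().split(".")] if m else None
    return tuple(parts + [0] * (3 - len(parts))) if parts else None


def installed_version(wp_root):
    """Version string from the plugin's header comment, or None if not found."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG  # assumed default layout
    phps = sorted(plugin_dir.glob("*.php")) if plugin_dir.is_dir() else []
    for php in phps:
        head = php.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
        m = VERSION_RE.search(head)
        if NAME_RE.search(head) and m:
            return m.group(1)
    return None


def audit(wp_roots):
    """Return {root: (status, version)}; status is affected, ok, unknown or absent."""
    report = {}
    for root in wp_roots:
        raw = installed_version(root)
        parsed = parse_version(raw) if raw else None
        if raw is None:
            status = "absent"
        elif parsed is None:
            status = "unknown"   # header present but not a numeric version: check by hand
        else:
            status = "affected" if parsed <= LAST_AFFECTED else "ok"
        report[str(root)] = (status, raw)
    return report


if __name__ == "__main__":
    for root, (status, version) in audit(sys.argv[1:]).items():
        print(f"{root}: {PLUGIN_SLUG} {version or '-'} [{status}]")
```

Pass one or more WordPress root directories as arguments; sites with a relocated `wp-content` directory need the path adjusted.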