CVE-2025-8564 in SKT Addons for Elementor Plugin
Summary
by MITRE • 09/06/2025
The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/06/2025
The vulnerability identified as CVE-2025-8564 affects the SKT Addons for Elementor plugin, a popular WordPress plugin that extends the functionality of the Elementor page builder. This particular flaw represents a critical security issue that undermines the integrity of WordPress sites utilizing this plugin, as it allows for persistent malicious code execution through carefully crafted user inputs. The vulnerability exists within the plugin's handling of user-supplied data across multiple widgets, making it a widespread concern that impacts all versions up to and including 3.7. The flaw specifically resides in the plugin's failure to properly sanitize and escape user inputs before processing them within the WordPress environment, creating an avenue for attackers to inject malicious scripts that can persist across user sessions.
The technical nature of this vulnerability aligns with CWE-79, which describes Cross-Site Scripting (XSS) conditions where improper validation of user-supplied data allows attackers to inject malicious scripts into web pages viewed by other users. This particular implementation flaw occurs when the plugin fails to properly escape output when rendering content generated from user inputs, creating a persistent XSS vector. The vulnerability's impact is amplified by the fact that it requires only contributor-level access or higher, meaning that users with relatively low privileges can exploit this weakness to compromise the entire site. The attack vector involves an authenticated attacker who can manipulate the plugin's widgets to inject malicious JavaScript code, which then executes whenever any user accesses pages containing the injected content, making the attack potentially widespread and difficult to detect.
The operational impact of this vulnerability extends far beyond simple script injection, as it provides attackers with a persistent foothold within the WordPress environment. Once a malicious script is injected, it can be used to steal user credentials, manipulate content, redirect users to malicious sites, or even establish further attack vectors within the compromised WordPress installation. The stored nature of this XSS vulnerability means that the malicious scripts persist in the database, executing every time affected pages are loaded, which makes detection and remediation more challenging for administrators. This vulnerability essentially transforms the compromised WordPress site into a potential command and control center for attackers, as the injected scripts can perform actions such as modifying user permissions, accessing sensitive data, or even installing additional malware.
Mitigation strategies for CVE-2025-8564 should prioritize immediate action including updating the SKT Addons for Elementor plugin to the latest available version that addresses this vulnerability. Organizations should also implement additional security measures such as monitoring user activity for suspicious behavior, implementing content security policies to prevent script execution, and conducting thorough security audits of all installed plugins and themes. The principle of least privilege should be enforced by limiting user access rights to only those necessary for their role, reducing the potential impact of compromised accounts. Security professionals should also consider implementing web application firewalls and regular vulnerability scanning to detect similar issues in other components of their WordPress installations. According to ATT&CK framework category T1566, this vulnerability falls under the technique of "Phishing with Malicious Attachments" and potentially "Spearphishing via Service" as attackers may use the compromised site to distribute malicious content to other users, making comprehensive network monitoring essential for early detection of such attacks.