CVE-2025-4774 in Premium Addons for Elementor Plugininformation

Résumé

par MITRE • 10/06/2025

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Réserver

15/05/2025

Divulgation

10/06/2025

Modérer

accepté

Entrée

VDB-311814

CPE

prêt

EPSS

0.00218

KEV

non

Activités

très faible

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!