CVE-2025-0371 – The JetElements WordPress plugin has a stored c... (How to Fix)

Q: What is the severity of CVE-2025-0371?

CVE-2025-0371 has a CVSS score of 6.4 (MEDIUM). The JetElements WordPress plugin has a stored cross-site scripting vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users view the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using JetElements up to version 2.7.2.1 are affected.

📋 TL;DR

The JetElements WordPress plugin has a stored cross-site scripting vulnerability that allows authenticated attackers with contributor-level access or higher to inject malicious scripts into website pages. These scripts execute whenever users view the compromised pages, potentially stealing credentials or performing unauthorized actions. All WordPress sites using JetElements up to version 2.7.2.1 are affected.

💻 Affected Systems

Products:

JetElements for WordPress

Versions: All versions up to and including 2.7.2.1

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with JetElements plugin enabled and at least one contributor-level user account.

📦 What is this software?

Jetelements by Crocoblock

View all CVEs affecting Jetelements →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator credentials, take over the WordPress site, install backdoors, deface the website, or redirect users to malicious sites, potentially leading to complete site compromise and data theft.

🟠

Likely Case

Attackers with contributor access inject malicious scripts to steal user session cookies, redirect users to phishing pages, or perform actions on behalf of authenticated users, leading to account compromise and data leakage.

🟢

If Mitigated

With proper access controls limiting contributor accounts and regular security monitoring, impact is reduced to isolated script injection that may be detected before causing significant harm.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access (contributor or higher) and knowledge of vulnerable widget parameters. Public exploit details are available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.3 or later

Vendor Advisory: https://crocoblock.com/changelog/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find JetElements and click 'Update Now'. 4. Verify version is 2.7.3 or higher. 5. Clear any caching plugins or CDN caches.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable JetElements plugin until patched to prevent exploitation

wp plugin deactivate jet-elements

Restrict Contributor Access

all

Temporarily remove or downgrade contributor-level user accounts

wp user list --role=contributor --field=ID
wp user set-role <user_id> subscriber

🧯 If You Can't Patch

Remove or restrict all contributor-level user accounts to prevent exploitation
Implement web application firewall rules to block XSS payloads targeting JetElements widgets

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for JetElements version. If version is 2.7.2.1 or lower, the site is vulnerable.

Check Version:

wp plugin get jet-elements --field=version

Verify Fix Applied:

After updating, verify JetElements version shows 2.7.3 or higher in WordPress plugins list. Test vulnerable widgets with safe payloads to confirm sanitization.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress admin-ajax.php with JetElements parameters
JavaScript payloads in post/page content from contributor accounts
Multiple failed login attempts followed by successful contributor login

Network Indicators:

Outbound connections to suspicious domains from WordPress site
Unexpected script tags in HTTP responses containing JetElements widget content

SIEM Query:

source="wordpress.log" AND ("jet-elements" OR "jetelements") AND ("script" OR "onclick" OR "javascript:" OR "<svg" OR "<iframe")

📊 Metadata

CVE ID: CVE-2025-0371

CVSS v3 Score: 6.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.08% exploit probability (22.8th percentile)

Published: January 21, 2025

Last Updated: January 31, 2025

🔗 References

https://crocoblock.com/changelog/ Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/ded2f366-375c-4cf6-9cbd-c969a3b3d6d5?source=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0371, you might also want to check these: