CVE-2025-1039

7.2 HIGH

📋 TL;DR

The Lenix Elementor Leads addon plugin for WordPress has a stored XSS vulnerability in URL form fields that allows unauthenticated attackers to inject malicious scripts. These scripts execute automatically when users visit compromised pages, potentially affecting all visitors to vulnerable WordPress sites. This affects all plugin versions up to and including 1.8.2.

💻 Affected Systems

Products:
  • Lenix Elementor Leads addon for WordPress
Versions: All versions up to and including 1.8.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and active on WordPress sites using Elementor page builder.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions as authenticated users if combined with other vulnerabilities.

🟠 Likely Case

Attackers inject malicious scripts that steal user session cookies or redirect users to phishing sites, potentially compromising user accounts.

🟢 If Mitigated

With proper input validation and output escaping, the vulnerability would be prevented entirely.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attackers can exploit this without authentication by submitting malicious URLs through the vulnerable form field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.8.3 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3237538/lenix-elementor-leads-addon

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Lenix Elementor Leads addon' and check for updates.
4. Update to version 1.8.3 or later.
5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable vulnerable plugin (WordPress)

Temporarily disable the Lenix Elementor Leads addon plugin until patched:

wp plugin deactivate lenix-elementor-leads-addon

Implement WAF rules (all platforms)

Add web application firewall rules to block XSS payloads in URL parameters

🧯 If You Can't Patch

  • Remove or disable the Lenix Elementor Leads addon plugin entirely
  • Implement strict Content Security Policy (CSP) headers to limit script execution

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Lenix Elementor Leads addon' version 1.8.2 or earlier

Check Version:

wp plugin list --name='lenix-elementor-leads-addon' --field=version

Verify Fix Applied:

Verify plugin version is 1.8.3 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to form submission endpoints with script tags in URL parameters
  • Multiple failed form submissions with suspicious payloads

Network Indicators:

  • HTTP requests containing <script> tags or javascript: protocols in URL parameters
  • Outbound connections to suspicious domains from form submissions

SIEM Query:

source="wordpress" AND (uri="*<script>*" OR uri="*javascript:*") AND plugin="lenix-elementor-leads-addon"
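A caveat on the SIEM query above: a literal `*<script>*` match only catches payloads that arrive unencoded, while form submissions are normally percent-encoded (sometimes twice). The Python below is an added example, not part of this advisory, that decodes each query parameter before matching the two indicator types the advisory names; the log lines, the `action=form_submit` value and the `website` field name are constructed placeholders, not the plugin's real endpoint or field.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed access-log lines (not real traffic). "action=form_submit" and the
# "website" field are placeholders for the plugin's URL form field. Lines 3-5
# carry the indicator types the advisory lists; line 3 is percent-encoded and
# line 5 is double-encoded, which a literal "*<script>*" match would miss.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=form_submit&website=https%3A%2F%2Fexample.com HTTP/1.1" 200 512
203.0.113.8 - - [10/Feb/2025:12:00:02 +0000] "GET /contact/ HTTP/1.1" 200 9001
203.0.113.9 - - [10/Feb/2025:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=form_submit&website=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2025:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=form_submit&website=javascript:alert(1) HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2025:12:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=form_submit&website=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.1" 200 512
"""

# Request line inside the quoted part of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The two indicator types named in the advisory: script tags and javascript: URLs.
XSS_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode until stable so double-encoded payloads are seen in the clear."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_xss_indicators(log_text):
    """Return (line_no, parameter, decoded_value) for each query parameter that
    contains a script tag or javascript: scheme after full decoding."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qsl already removes one layer of encoding; fully_decode handles the rest.
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw)
            if XSS_RE.search(value):
                hits.append((line_no, name, value))
    return hits

if __name__ == "__main__":
    for line_no, name, value in find_xss_indicators(SAMPLE_LOG):
        print(f"line {line_no}: {name}={value!r}")
```

Payloads submitted in a POST body do not appear in a standard access log's request line, so the same decode-then-match step should also be applied to form-field values captured by the WAF or application log.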
