CVE-2025-1571

6.4 MEDIUM

📋 TL;DR

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into web pages using the Exclusive Addons for Elementor plugin. The scripts are stored and execute whenever users visit compromised pages, enabling session hijacking, defacement, or malware distribution. All WordPress sites using this plugin up to version 2.7.6 are affected.

💻 Affected Systems

Products:
  • Exclusive Addons for Elementor WordPress plugin
Versions: All versions up to and including 2.7.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with Elementor plugin installed. Contributor-level or higher authenticated access needed for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could steal administrator credentials, redirect users to malicious sites, install backdoors, or completely compromise the WordPress site and potentially the server.

🟠 Likely Case: Site defacement, cookie/session theft for lower-privileged users, or redirection to phishing/malware sites affecting visitors.

🟢 If Mitigated: Limited to authenticated user compromise if proper input validation and output escaping are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker holds contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.7

Vendor Advisory: https://wordpress.org/plugins/exclusive-addons-for-elementor/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Exclusive Addons for Elementor'.
4. Click 'Update Now' if available, or manually update to version 2.7.7+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable vulnerable widgets (scope: all)
  • Temporarily disable the Animated Text and Image Comparison widgets in Elementor settings.

Restrict user roles (scope: all)
  • Remove contributor-level access from untrusted users until the patch is applied.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads
  • Enable Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin → Plugins → Installed Plugins. If version is 2.7.6 or lower, you are vulnerable.

Check Version:

wp plugin list --name=exclusive-addons-for-elementor --field=version

Verify Fix Applied:

Verify plugin version is 2.7.7 or higher after update. Test widget functionality to ensure no regression.
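An added example, not part of the advisory, that wraps the version check above in a POSIX shell script. The wp-cli command is the one quoted in this advisory; the helper function names and the component-wise comparison are assumptions, added so that versions such as 2.7.10 are not misjudged by plain string comparison.

```sh
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed
# Exclusive Addons for Elementor version is affected by CVE-2025-1571.
FIXED_VERSION="2.7.7"   # first fixed release per the advisory

# version_lt A B: succeeds (exit 0) when A is strictly lower than B.
# Compares dot-separated numeric components; missing components count as 0
# and a non-numeric suffix (e.g. "-beta") is ignored. Plain string comparison
# would wrongly rank "2.7.10" below "2.7.7".
version_lt() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ca=${a%%.*}; a=${a#*.}
    cb=${b%%.*}; b=${b#*.}
    ca=${ca%%[!0-9]*}; cb=${cb%%[!0-9]*}
    ca=${ca:-0}; cb=${cb:-0}
    [ "$ca" -lt "$cb" ] && return 0
    [ "$ca" -gt "$cb" ] && return 1
  done
  return 1   # versions are equal
}

# cve_2025_1571_status VERSION: prints AFFECTED or FIXED for that plugin version.
cve_2025_1571_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo AFFECTED
  else
    echo FIXED
  fi
}

# When wp-cli is present, query the installed version with the advisory's
# command and report; otherwise do nothing, so the script is safe to source.
main() {
  command -v wp >/dev/null 2>&1 || return 0
  installed=$(wp plugin list --name=exclusive-addons-for-elementor --field=version 2>/dev/null || true)
  [ -n "$installed" ] || { echo "plugin not installed"; return 0; }
  echo "exclusive-addons-for-elementor $installed: $(cve_2025_1571_status "$installed")"
}
main "$@"
```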

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to widget endpoints
  • Multiple failed login attempts followed by successful contributor login
  • Suspicious script tags in page content

Network Indicators:

  • Malicious script payloads in HTTP requests to /wp-admin/ or /wp-json/ endpoints

SIEM Query:

source="wordpress.log" AND ("exclusive-addons" OR "animated-text" OR "image-comparison") AND ("script" OR "onerror" OR "javascript:")
