CVE-2025-5292
📋 TL;DR
This stored XSS vulnerability in Element Pack Addons for Elementor allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the 'marker_content' parameter. The scripts execute when users view compromised pages, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using this plugin up to version 5.11.2 are affected.
💻 Affected Systems
- Element Pack Addons for Elementor WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the WordPress site, install backdoors, or redirect visitors to phishing/malware sites, leading to complete site compromise and data theft.
Likely Case
Attackers with contributor access inject malicious scripts to steal user session cookies, perform actions as authenticated users, or deface website content.
If Mitigated
With proper user role management and input validation, impact is limited to content defacement or minor data exposure from lower-privileged accounts.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has contributor privileges. Public proof-of-concept exists in vulnerability reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.11.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3302152/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Element Pack Addons for Elementor'. 4. Click 'Update Now' if available. 5. If no update appears, manually download version 5.11.3+ from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Temporary Input Sanitization
allAdd custom sanitization filter for marker_content parameter
Add to theme's functions.php: add_filter('element_pack_marker_content', 'wp_kses_post');
Restrict User Roles
allTemporarily remove contributor role access or downgrade to subscriber
Use WordPress user management or plugins like 'User Role Editor' to modify capabilities
🧯 If You Can't Patch
- Disable the Element Pack Addons plugin completely until patched
- Implement strict Content Security Policy (CSP) headers to mitigate script execution
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Element Pack Addons → Version. If version is 5.11.2 or lower, you are vulnerable.Check Version:
wp plugin list --name='Element Pack Addons' --field=versionVerify Fix Applied:
After updating, verify version is 5.11.3 or higher. Test marker_content fields with basic script tags to ensure they are sanitized.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to admin-ajax.php with marker_content parameter containing script tags
- Multiple failed login attempts followed by contributor account access
Network Indicators:
- Unexpected JavaScript loading from WordPress pages
- Suspicious outbound connections after page views
SIEM Query:
source="wordpress.log" AND "marker_content" AND ("<script" OR "javascript:")