CVE-2025-6252
📋 TL;DR
The Qi Addons For Elementor WordPress plugin contains a stored cross-site scripting (XSS) vulnerability. An authenticated user with the Contributor role or higher can inject script into content, and that script runs in the browser of anyone who later views the affected page, including the Editors and Administrators who review Contributor submissions. The script executes with the viewer's session and can do anything that user could do. All versions up to and including 1.9.1 are affected; 1.9.2 fixes the issue.
💻 Affected Systems
- Qi Addons For Elementor WordPress plugin
📦 What is this software?
Qi Addons For Elementor by Qodeinteractive, a free add-on plugin that supplies extra widgets for the Elementor page builder.
⚠️ Risk & Real-World Impact
Worst Case
An attacker who gets an Administrator to view the injected content can hijack that session or have the admin's browser silently create a new administrator account, install a malicious plugin, or change site settings, which amounts to full site compromise and access to everything the database holds. On a published page, visitors can be redirected to attacker-controlled sites or shown defaced content.
Likely Case
A malicious or compromised Contributor account plants a script in submitted content. A Contributor cannot publish, so the likeliest victim is the Editor or Administrator who previews or reviews the submission. Because WordPress sets its authentication cookies HttpOnly by default, the usual payload does not exfiltrate the cookie but instead acts through the victim's browser with the victim's privileges, giving the attacker account takeover and an effective escalation from Contributor to Administrator.
If Mitigated
Escaping the affected output (and validating the input) with the standard WordPress escaping functions prevents the injection outright. Restricting who holds the Contributor role and reviewing their submissions before opening them in the editor reduces exposure but does not remove the flaw.
🎯 Exploit Status
Exploitation requires an authenticated account but is technically simple once an attacker holds Contributor credentials: it needs nothing beyond submitting content that contains the payload. The issue is documented in the Wordfence advisory listed in the references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Qi Addons For Elementor' and click 'Update Now'.
4. Verify the plugin version is 1.9.2 or higher.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Qi Addons For Elementor plugin until it is patched. Front-end elements built with its widgets will stop rendering while it is deactivated.
wp plugin deactivate qi-addons-for-elementor
Restrict user roles
Temporarily remove the Contributor role from accounts that do not need it, or limit it to trusted users only; exploitation requires at least Contributor privileges, so every unnecessary Contributor account is attack surface.
🧯 If You Can't Patch
- Put a web application firewall (WAF) with XSS rules in front of the site. It can catch obvious script tags in submitted content, but encoded payloads routinely bypass signature rules, and a WAF does nothing about a payload that is already stored.
- Regularly audit user accounts, remove unnecessary Contributor-level access, and review content submitted by the remaining Contributors for embedded script before opening it in the editor.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Qi Addons For Elementor version
Check Version:
wp plugin get qi-addons-for-elementor --field=version
Verify Fix Applied:
Verify the plugin version is 1.9.2 or higher in the WordPress admin panel or with the WP-CLI command above. Updating closes the injection path but does not remove scripts that were already stored; after patching, review posts and pages authored by Contributor accounts.
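The version check above is easy to get wrong in scripts because a plain string comparison sorts "1.10.0" before "1.9.2". The following is an added example, not code from the plugin or from WordPress, that parses the version numerically and reads the `Version:` header WordPress itself uses from the plugin's main PHP file. The header path and the header fragment are assumptions for illustration; the fixed version 1.9.2 comes from this advisory.

```python
"""Added example: decide whether an installed Qi Addons For Elementor copy is
vulnerable from its version string. Not the plugin's or WordPress's own code."""
import re

FIXED_VERSION = "1.9.2"  # first patched release according to the advisory


def parse_version(version: str) -> tuple:
    """Turn '1.9.1' or '1.10.0' into a tuple of ints so that 1.10 sorts after 1.9.

    Missing components are treated as 0 ('1.9' == '1.9.0'); a trailing
    suffix such as '-beta' is ignored.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed version predates the fix (1.9.1 and earlier)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def version_from_plugin_header(php_source: str) -> str:
    """Read the 'Version:' plugin header, the same field WordPress reads.

    Assumed file: wp-content/plugins/qi-addons-for-elementor/qi-addons-for-elementor.php
    (the path is an assumption based on the plugin slug).
    """
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.M)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


# Constructed header fragment in the shape WordPress plugin headers take;
# not the real file contents.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Qi Addons For Elementor
 * Version: 1.9.1
 */
"""

if __name__ == "__main__":
    installed = version_from_plugin_header(SAMPLE_HEADER)
    state = "VULNERABLE, update to %s" % FIXED_VERSION if is_vulnerable(installed) else "patched"
    print(f"installed {installed}: {state}")
```

In practice, feed `version_from_plugin_header` the real file from the site's `wp-content/plugins` directory, or pass the output of `wp plugin get qi-addons-for-elementor --field=version` straight to `is_vulnerable`.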
📡 Detection & Monitoring
Log Indicators:
- POST requests from Contributor accounts to content-saving endpoints (post.php, admin-ajax.php and the like) whose bodies contain script tags, event-handler attributes, or javascript: URIs, including URL-encoded or JSON-escaped forms of them
- Multiple failed login attempts followed by a successful Contributor login (credential stuffing against low-privilege accounts)
Network Indicators:
- Inbound requests to the site's content endpoints carrying script payloads
- Outbound connections from visitors' or administrators' browsers to unfamiliar domains immediately after loading a page that includes the plugin's widgets
SIEM Query:
source="wordpress.log" AND ("qi-addons" OR "elementor") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
This query only works against a log that contains request bodies or stored content (a WAF or ModSecurity audit log, a content export); standard web server access logs do not record POST bodies. It also matches only literal, lower-case, unencoded strings: "<script src=", "<SCRIPT>", "%3Cscript%3E" and "\u003cscript" all slip past it, so decode before matching.
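The literal-string query above misses any payload that is encoded, capitalised, or written as `<script src=...>`. The following is an added detection example, not code from the page's author or from the plugin, that normalises each record (percent-decoding, JSON `\uXXXX` escapes and HTML entities, repeated until stable) before matching the page's indicators with case-insensitive patterns. The sample records are constructed to look like request bodies and stored Elementor widget JSON; the widget type name in them is made up.

```python
"""Added example: normalise candidate text (request bodies, post content,
_elementor_data JSON) before matching stored-XSS indicators.
Not the plugin's code; the sample records are constructed, not real traffic."""
import html
import re
from urllib.parse import unquote_plus

# The page's indicators, made case-insensitive and tolerant of attributes
# and whitespace. Event handlers use a word boundary so that names such as
# "post_content=" or "button=" are not mistaken for "on...=".
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}


def normalize(text: str, rounds: int = 3) -> str:
    """Undo the encodings an attacker or the CMS may layer on a payload.

    Each round percent-decodes (so %253C becomes %3C, then <), turns JSON
    \\uXXXX escapes into characters and decodes HTML entities. It stops early
    once a round changes nothing; `rounds` bounds the work on hostile input.
    """
    for _ in range(rounds):
        decoded = unquote_plus(text)
        decoded = re.sub(r"\\u([0-9a-fA-F]{4})",
                         lambda m: chr(int(m.group(1), 16)), decoded)
        decoded = html.unescape(decoded)
        if decoded == text:
            break
        text = decoded
    return text


def xss_indicators(text: str) -> list:
    """Names of the indicators present in the normalised text, in table order."""
    normalized = normalize(text)
    return [name for name, rx in INDICATORS.items() if rx.search(normalized)]


def scan(records) -> list:
    """Return (record_id, [indicator, ...]) for every record that matches."""
    hits = []
    for rec_id, body in records:
        found = xss_indicators(body)
        if found:
            hits.append((rec_id, found))
    return hits


# Constructed sample records. Only the first would match the literal
# "<script>" string in the page's SIEM query.
SAMPLE_RECORDS = [
    ("1-plain", 'post_content=Hello <script>alert(1)</script>'),
    ("2-urlencoded",
     "post_content=%3Cscript+src%3D%22https%3A%2F%2Fexample.invalid%2Fx.js%22%3E%3C%2Fscript%3E"),
    ("3-double-encoded", "title=%253Cimg+src%3Dx+onerror%253Dalert(1)%253E"),
    ("4-json-escaped",  # shape of stored widget JSON; widget name is made up
     r'[{"widgetType":"example_widget","settings":{"title":"\u003cimg src=x onerror=alert(1)\u003e"}}]'),
    ("5-javascript-uri",
     '[{"widgetType":"example_widget","settings":{"link":{"url":"javascript:alert(document.cookie)"}}}]'),
    ("6-benign-entities",
     "post_content=Read+more+%26lt%3Bstrong%26gt%3Bhere%26lt%3B%2Fstrong%26gt%3B"),
    ("7-benign-upper", "post_content=The+SCRIPT+of+the+play+is+online"),
]

if __name__ == "__main__":
    for rec_id, found in scan(SAMPLE_RECORDS):
        print(f"{rec_id}: {', '.join(found)}")
```

Run it over exported post content and `_elementor_data` rows as well as over request logs: the stored copy is the one that keeps firing after the request is long gone.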
🔗 References
- https://plugins.trac.wordpress.org/browser/qi-addons-for-elementor/trunk/assets/js/main.js
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3318746%40qi-addons-for-elementor%2Ftrunk&old=3308494%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0ef82a52-0a32-4dc4-b027-3d2098549404?source=cve