cleantalk
Vulnerabilities and Security Researches

Generic Elements, CVE-2025-9080

CVE, Research URL

CVE-2025-9080

Home page URL

Security reports for Generic Elements

Application

Generic Elements

Published on
Oct 03, 2025
Research Description
The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.8.
Status
vulnerable
Previous vulnerability researches
Generic Elements (CVE-2024-53709) , Nov 26, 2024
Generic Elements (CVE-2025-9080) , Apr 25, 2026
Generic Elements (CVE-2025-62082) , Dec 11, 2025
New vulnerability
WP Proposals (CVE-2025-57965) , Apr 25, 2026
Countdown Timer for Elementor (CVE-2025-8445) , Apr 25, 2026
Library Bookshelves (CVE-2025-57964) , Apr 25, 2026
Best WooCommerce Builder for Elementor: Customize Checkout, Shop, Product & More With CoDesigner (CVE-2025-57961) , Apr 25, 2026
Themify Builder (CVE-2025-9353) , Apr 25, 2026