cleantalk
Vulnerabilities and Security Researches

Generic Elements, CVE-2025-9080

CVE, Research URL

CVE-2025-9080

Home page URL

Security reports for Generic Elements

Application

Generic Elements

Published on
Oct 03, 2025
Research Description
The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.8 and earlier. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.2.8.
Status
vulnerable
Previous vulnerability researches
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Maps for WP (CVE-2025-32179) , Apr 06, 2025
Maps for WP (CVE-2024-13648) , Feb 22, 2025
New vulnerability
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2025-59570) , Apr 25, 2026
xili-language (CVE-2025-58654) , Apr 25, 2026
Ultimate WP Mail (CVE-2025-53454) , Apr 25, 2026
WPGraphQL Smart Cache (67bffa5233e71f0f6e6f08ff3569e436ffd493ff) , Apr 25, 2026
BSK PDF Manager (CVE-2025-4970) , Apr 25, 2026