cleantalk
Vulnerabilities and Security Researches

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders, CVE-2025-8451

CVE, Research URL

CVE-2025-8451

Home page URL

Security reports for Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Application

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Published on
Aug 15, 2025
Research Description
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 6.2.3.
Status
vulnerable
Previous vulnerability researches
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2024-1686) , Jun 07, 2024
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2024-1687) , Jun 07, 2024
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2022-46812) , Jun 07, 2024
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2022-46810) , Jun 07, 2024
New vulnerability
Netease Music (CVE-2025-49052) , Aug 15, 2025
Quttera Web Malware Scanner (CVE-2025-8013) , Aug 15, 2025
DigitalOcean Spaces Sync (CVE-2025-49047) , Aug 15, 2025
Graphina – Elementor Charts and Graphs (CVE-2025-8867) , Aug 15, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-8451) , Aug 15, 2025