DOM-Based Stored Cross-Site Scripting Vulnerabilities in King Addons for Elementor Plugin

CVE-2025-13535

What is CVE-2025-13535?

The King Addons for Elementor plugin for WordPress is affected by multiple DOM-Based Stored Cross-Site Scripting vulnerabilities due to insufficient input sanitization and output escaping in its widget features. All versions up to and including 51.1.38 are impacted. Attackers with Contributor-level access can exploit these vulnerabilities by injecting malicious scripts into Elementor widget settings, which may execute when the targeted page is accessed. This is facilitated by unsafe JavaScript methods and improper escaping techniques within the plugin, allowing HTML entities to be decoded by the browser's DOM. As a result, it is crucial to update to the latest version where partial patches have been applied to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References