Stored Cross-site Scripting Vulnerability in Jewel Theme Image Hover Effects for Elementor
CVE-2025-22323

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Image Hover Effects For Elementor
Vendor: CVE Published:; 7 January 2025

What is CVE-2025-22323?

The Jewel Theme Image Hover Effects for Elementor contains a vulnerability that allows for Stored Cross-site Scripting (XSS). This occurs due to improper input neutralization during web page generation, allowing an attacker to inject malicious scripts. Users of Image Hover Effects for Elementor, particularly those utilizing versions up to 1.0.2.3, should take immediate steps to mitigate this issue, as it can lead to unauthorized access and manipulation of user data.

Affected Version(s)

Image Hover Effects for Elementor <= 1.0.2.3

References

https://patchstack.com/database/wordpress/plugin/image-ho...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Jan 3, 2025

Credit

Gab (Patchstack Alliance)

JSON