Cross-Site Scripting Vulnerability in HashThemes Easy Elementor Addons
CVE-2025-26761

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Elementor Addons
Vendor: CVE Published:; 16 February 2025

What is CVE-2025-26761?

The Easy Elementor Addons by HashThemes is susceptible to a DOM-Based Cross-Site Scripting (XSS) vulnerability. This flaw arises from improper sanitization of user inputs during the web page generation process, allowing attackers to inject malicious scripts. Exploiting this vulnerability could lead to unauthorized actions performed on behalf of users or the execution of harmful scripts within the user's browser session, thereby jeopardizing the security of the impacted WordPress site. Users of Easy Elementor Addons versions up to 2.1.5 need to assess their current deployment and apply necessary security patches to mitigate potential risks.

Affected Version(s)

Easy Elementor Addons <= 2.1.5

References

https://patchstack.com/database/wordpress/plugin/easy-ele...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

Gab (Patchstack Alliance)