Stored XSS in Detheme DethemeKit For Elementor Plugin
CVE-2025-26772

6.5MEDIUM

Key Information:

Vendor: Detheme
Status: Dethemekit For Elementor
Vendor: CVE Published:; 17 February 2025

Summary

The Detheme DethemeKit for Elementor plugin has a vulnerability that allows attackers to exploit improper input neutralization during web page generation, leading to stored cross-site scripting (XSS). This can enable an attacker to inject malicious scripts into user sessions, compromising user data and potentially allowing for further attacks on users of the website. Version 2.1.8 and earlier are affected, necessitating immediate attention from administrators to protect web assets.

Affected Version(s)

DethemeKit For Elementor <= 2.1.8

References

https://patchstack.com/database/wordpress/plugin/dethemek...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 17, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)