Cross-site Scripting Vulnerability in HashThemes Easy Elementor Addons
CVE-2025-26912

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Elementor Addons
Vendor: CVE Published:; 25 February 2025

What is CVE-2025-26912?

The Easy Elementor Addons plugin by HashThemes is prone to a Cross-site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This vulnerability can be exploited to execute arbitrary JavaScript in the user's browser, posing significant security risks, especially in the context of stored XSS attacks. The affected versions range from n/a to 2.1.6, highlighting the importance of ensuring your installation is up to date to mitigate potential exploits.

Affected Version(s)

Easy Elementor Addons <= 2.1.6

References

https://patchstack.com/database/wordpress/plugin/easy-ele...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Prissy (Patchstack Alliance)