Cross-site Scripting Vulnerability in CreativeMedia Elite Video Player
CVE-2025-30988

7.1HIGH

Key Information:

Vendor: WordPress
Status: Elite Video Player
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-30988?

The vulnerability in CreativeMedia's Elite Video Player arises from improper input neutralization during web page generation, allowing for persistent Cross-site Scripting (XSS) attacks. Attackers can exploit this flaw to inject malicious scripts into web pages viewed by other users, leading to potential data theft, session hijacking, and other malicious activities. This issue affects versions of the Elite Video Player up to 10.0.5, making it critical for users to implement patches or updates to mitigate the risks.

Affected Version(s)

Elite Video Player <= 10.0.5

References

https://patchstack.com/database/wordpress/plugin/elite-vi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Anhchangmutrang (Patchstack Alliance)