Cross-site Scripting Vulnerability in WPKoi Templates for Elementor
CVE-2025-57999

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WPkoi Templates For Elementor
Vendor: CVE Published:; 22 September 2025

What is CVE-2025-57999?

An identified vulnerability in WPKoi Templates for Elementor allows for DOM-Based Cross-site Scripting (XSS), posing a risk of unauthorized script execution within the web page. This security flaw enables attackers to inject malicious scripts that could compromise the integrity of user sessions and expose sensitive information. Affected versions range from n/a to 3.4.1, making it crucial for users to secure their installations promptly.

Affected Version(s)

WPKoi Templates for Elementor <= 3.4.1

References

https://patchstack.com/database/wordpress/plugin/wpkoi-te...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 22, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

Abu Hurayra (Patchstack Alliance)

JSON