Stored Cross-Site Scripting Vulnerability in Exclusive Addons for Elementor WordPress Plugin
CVE-2025-7498

6.4MEDIUM

Key Information:

Vendor

WordPress
Status
Exclusive Addons For Elementor
Vendor
CVE Published:
6 August 2025

What is CVE-2025-7498?

The Exclusive Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting via the Countdown Widget. This vulnerability arises from insufficient input sanitization and output escaping, which allows authenticated attackers with Contributor-level access or higher to inject malicious web scripts. These scripts can execute when users access compromised pages, potentially leading to unauthorized actions and data theft.

Affected Version(s)

Exclusive Addons for Elementor * <= 2.7.9.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/exclusive-addo...
https://plugins.trac.wordpress.org/browser/exclusive-addo...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Craig Smith
.