Stored Cross-Site Scripting Vulnerability in Element Pack by BDThemes
CVE-2025-8100

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Element Pack Addons For Elementor – Mega Menu, Header Footer, Dynamic Builder And Ready Templates
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-8100?

The Element Pack Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the 'marker_content' parameter. This vulnerability enables authenticated attackers, including those with contributor-level access, to embed malicious web scripts within pages. When a user accesses any modified page, these scripts will execute, potentially compromising sensitive user data and site integrity.

Affected Version(s)

Element Pack Addons for Elementor – Mega Menu, Header Footer, Dynamic Builder and Ready Templates * <= 8.1.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/bdthemes-eleme...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 23, 2025

Credit

D.Sim