Stored Cross-Site Scripting Vulnerability in Element Pack by BDThemes
CVE-2025-8100
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 6 August 2025
What is CVE-2025-8100?
The Element Pack Elementor Addons and Templates plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the 'marker_content' parameter. This vulnerability enables authenticated attackers, including those with contributor-level access, to embed malicious web scripts within pages. When a user accesses any modified page, these scripts will execute, potentially compromising sensitive user data and site integrity.
Affected Version(s)
Element Pack Addons for Elementor – Mega Menu, Header Footer, Dynamic Builder and Ready Templates * <= 8.1.5