CVE-2025-24752

Published Apr 17, 2025

Last updated 2 months ago

CVSS high 7.1

Overview

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through 6.0.14.
Source
audit@patchstack.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
3.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Severity
HIGH

Weaknesses

audit@patchstack.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-24752 🔴 HIGH (7.1) 🏢 WPDeveloper - Essential Addons for Elementor 🏗️ Unknown Version 🔗 https://t.co/z5kDwBV7Vl #CyberCron #VulnAlert #InfoSec https://t.co/FmR6DmVgtj

    @cybercronai

    19 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. به تازگی برای پلاگین Elementor مربوط به Wordpress آسیب پذیری با کد شناسایی  CVE-2025-24752 منتشر شده است. این آسیب پذیری از نوع xss بوده و ۲ میلیون وب سایت wordpress براساس آمار نصب این‌ پلاگین در معرض خطر هستند. https://t.co/Poz3aKYxT1 https://t.co/K24a6m0bUi

    @AmirHossein_sec

    28 Feb 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ Una falla de seguridad crítica en el plugin Essential Addons para Elementor (CVE-2025-24752) pone a más de dos millones de sitios web de WordPress en riesgo de ataques de secuencias de comandos entre sitios (XSS). 🧉 https://t.co/7ikKIZFBNq

    @MarquisioX

    26 Feb 2025

    36 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-24752の PoC。ログインした管理者が開くと実行される。 /wp-admin/admin.php?page=essential-addons-elementor&popup-selector=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E

    @yousukezan

    26 Feb 2025

    667 Impressions

    0 Retweets

    3 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-24752 XSS in Essential Addons for Elementor Affecting 2+ Million Sites Proof Of Concept - https://t.co/xu0kMh46Vz Please fix/secure your sites ASAP. #bugbounty #xssbugs

    @Chirag99Artani

    26 Feb 2025

    291 Impressions

    0 Retweets

    8 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨🚨CVE-2025-24752: XSS Vulnerability Found in Essential Addons for Elementor Plugin A critical XSS flaw has been identified in the src/js/view/general.js file, affecting 2 million+ WordPress sites! 🔓 This vulnerability can allow attackers to inject malicious scripts and… http

    @zoomeye_team

    26 Feb 2025

    8242 Impressions

    5 Retweets

    27 Likes

    29 Bookmarks

    3 Replies

    2 Quotes

  7. ⚠️ Vulnerability Alert: Massive WordPress Plugin Vulnerability Exposes Millions to XSS Attacks 📅 Timeline: Disclosure: 2025-02-01, Patch: 2025-02-18 📌 Attribution: Reported by Patchstack Alliance researcher xssium 🆔 CVE ID: CVE-2025-24752 📊 Base Score: 7.1 📏 CVSS…

    @syedaquib77

    26 Feb 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 200万サイト以上が使用するWordPressのプラグインEssential Addons for Elementorに反射型クロスサイトスクリプティングの脆弱性。CVE-2025-24752はCVSSスコア7.1で、src/js/view/general.jsにおけるクエリ引数検証が_を に置き換えるのみであることに起因。修正版提供済み。 https://t.co/YTwMQzKImV

    @__kokumoto

    26 Feb 2025

    849 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.