CyberChimps Responsive Addons CVE-2025-54050

Severity: MEDIUM
Weakness: Cross-site Scripting (XSS) (CWE-79)
Published: 2025-07-16 · Source: audit@patchstack.com
CVSS 3.1 score: 6.5 (NVD)

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: Low

Lifecycle Timeline

- CVSS changed: Apr 23, 2026 - 15:42 (NVD), 5.4 (MEDIUM) → 6.5 (MEDIUM)
- Analysis Generated: Apr 01, 2026 - 17:43 (vuln.today)
- CVE Published: Jul 16, 2025 - 11:15 (nvd), MEDIUM 5.4

Description (CVE.org)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Stored XSS. This issue affects Responsive Addons for Elementor: from n/a through <= 1.7.3.

Analysis (AI)

Stored cross-site scripting (XSS) in CyberChimps Responsive Addons for Elementor versions up to 1.7.3 allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of other site visitors, enabling credential theft, malware distribution, or website defacement. The vulnerability requires user interaction and affects WordPress installations using this plugin; exploitation probability is low (EPSS 0.04%) but impact is moderate given the stored nature of the attack.

Technical Context (AI)

The vulnerability stems from improper input neutralization (CWE-79) during web page generation within the Responsive Addons for Elementor WordPress plugin. The plugin fails to sanitize or escape user-controlled input before rendering it in HTML contexts, allowing authenticated attackers with the PR:L privilege level (likely Editor or Author roles) to inject arbitrary JavaScript. This input is stored in the WordPress database and is emitted unescaped whenever the page is rendered, so the script executes in the browser of each user who views that page, creating a persistent XSS condition. The plugin integrates with Elementor, a popular WordPress page builder, making it widely deployable across WordPress installations.

Remediation (AI)

Update CyberChimps Responsive Addons for Elementor to a patched version released after 1.7.3. Site administrators should navigate to WordPress Plugins > Installed Plugins, locate Responsive Addons for Elementor, and click Update if available. If a patched version is not yet available in the WordPress plugin repository, temporarily disable the plugin and review CyberChimps' security advisory at the Patchstack reference for expected patch availability. As a mitigation pending patch deployment, restrict Editor and Author roles to trusted users only, and monitor page content for suspicious script injections.