CVE-2025-54050

MEDIUM
2025-07-16
5.4
CVSS 3.1
CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:43 (vuln.today)
CVE Published: Jul 16, 2025 - 11:15 (nvd), MEDIUM 5.4

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Stored XSS. This issue affects Responsive Addons for Elementor: from n/a through <= 1.7.3.

Analysis

Stored cross-site scripting (XSS) in CyberChimps Responsive Addons for Elementor versions up to 1.7.3 allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of other site visitors, enabling credential theft, malware distribution, or website defacement. The vulnerability requires user interaction and affects WordPress installations using this plugin; exploitation probability is low (EPSS 0.04%) but impact is moderate given the stored nature of the attack.

Technical Context

The vulnerability stems from improper input neutralization (CWE-79) during web page generation within the Responsive Addons for Elementor WordPress plugin. The plugin fails to sanitize or escape user-controlled input before rendering it in HTML contexts, allowing authenticated attackers with the PR:L privilege level (likely Editor or Author roles) to inject arbitrary JavaScript. This input is stored in the WordPress database and emitted unescaped when the server renders the page, so the script executes in the browsers of other users who view it, creating a persistent XSS condition. The plugin integrates with Elementor, a popular WordPress page builder, making it widely deployable across WordPress installations.

Affected Products

CyberChimps Responsive Addons for Elementor WordPress plugin versions through 1.7.3 are affected. The plugin is distributed via the official WordPress plugin repository and identified by CPE cpe:2.3:a:cyberchimps:responsive_addons_for_elementor:*:*:*:*:*:wordpress:*:*. Vulnerability details are available in the Patchstack vulnerability database at https://patchstack.com/database/Wordpress/Plugin/responsive-addons-for-elementor/vulnerability/wordpress-responsive-addons-for-elementor-plugin-1-7-3-cross-site-scripting-xss-vulnerability.

Remediation

Update CyberChimps Responsive Addons for Elementor to a patched version released after 1.7.3. Site administrators should navigate to WordPress Plugins > Installed Plugins, locate Responsive Addons for Elementor, and click Update if available. If a patched version is not yet available in the WordPress plugin repository, temporarily disable the plugin and review CyberChimps' security advisory at the Patchstack reference for expected patch availability. As a mitigation pending patch deployment, restrict Editor and Author roles to trusted users only, and monitor page content for suspicious script injections.

Priority Score

27 (KEV: 0, EPSS: +0.0, CVSS: +27, POC: 0)
