CVE-2025-5944
BaseFortify
Publication date: 2025-07-03
Last updated on: 2025-07-09
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bdthemes | element_pack | to 8.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5944 is a Stored Cross-Site Scripting (XSS) vulnerability in the Element Pack Addons for Elementor WordPress plugin. It occurs via the 'data-caption' attribute due to insufficient input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject malicious scripts into pages. These scripts execute whenever any user accesses the injected page, potentially compromising site security. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows attackers with Contributor-level access or above to inject arbitrary web scripts into pages via the 'data-caption' attribute. When other users visit these pages, the malicious scripts execute in their browsers, which can lead to theft of user credentials, session hijacking, defacement, or other malicious actions. It compromises the security and integrity of the affected WordPress site and its users. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) via the 'data-caption' attribute in the Element Pack Addons for Elementor plugin's Lightbox widget. Detection can focus on identifying pages or posts where the 'data-caption' attribute contains suspicious or malicious script code. Since the vulnerability requires Contributor-level access to inject scripts, monitoring for unexpected changes or additions to pages with 'data-caption' attributes is key. Specific commands are not provided in the resources, but general detection could involve scanning the WordPress database or exported page content for occurrences of <element> tags or HTML elements with 'data-caption' attributes containing script tags or suspicious JavaScript code. Additionally, monitoring HTTP traffic for payloads containing script injections in 'data-caption' attributes could help. However, no explicit detection commands or tools are detailed in the provided resources. [1, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Element Pack Addons for Elementor plugin to a version that includes the security fixes addressing CVE-2025-5944. According to Resource 2, multiple versions of Element Pack Lite and Pro (including versions 8.1.0, 8.0.3, 8.0.2, 8.0.1, and 8.0) released between April and June 2025 contain fixes or mitigations for this vulnerability. Therefore, upgrading to the latest patched version is recommended. Additionally, restricting Contributor-level access to trusted users can reduce the risk of exploitation. Applying any vendor-provided patches or mitigations for the UIKit JS library, which is related to the vulnerability, is also advised. Monitoring and sanitizing user inputs, especially those affecting the 'data-caption' attribute in the Lightbox widget, can help prevent exploitation until updates are applied. [2]