CVE-2025-8388
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powerpack | powerpack_lite_for_elementor | 2.9.5 |
| powerpack | powerpack_lite_for_elementor | 2.9.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8388 is a Stored Cross-Site Scripting (XSS) vulnerability in the PowerPack Elementor Addons plugin for WordPress, specifically in the 'cursor_url' parameter. This vulnerability exists due to insufficient input sanitization and output escaping, allowing authenticated users with Contributor-level access or higher to inject malicious scripts into pages. These scripts execute whenever any user accesses the infected page, potentially compromising site security by executing arbitrary web scripts. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers with Contributor-level access or above to inject malicious scripts into your WordPress site pages. These scripts can execute in the browsers of users visiting the infected pages, potentially leading to theft of user data, session hijacking, defacement, or other malicious actions. It compromises the integrity and security of your website and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the PowerPack Elementor Addons plugin (specifically the PowerPack Lite for Elementor plugin) is installed and running a version up to and including 2.9.4. Since the vulnerability involves the 'cursor_url' parameter in the custom cursor extension, you can look for suspicious or unexpected values in this parameter, especially if Contributor-level users have modified cursor settings. There are no specific network commands provided, but on the WordPress site, you can inspect the plugin version via the admin dashboard or by running WP-CLI commands such as `wp plugin list` to identify the plugin version. Additionally, reviewing the database or plugin settings for unusual 'cursor_url' values or custom cursor CSS selectors may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the PowerPack Lite for Elementor plugin to version 2.9.5 or later, where the vulnerability is addressed. Until the update is applied, restrict Contributor-level user permissions to prevent them from modifying cursor settings that use the vulnerable 'cursor_url' parameter. Additionally, disable the custom cursor extension if it is enabled, as it is disabled by default. Monitoring and sanitizing inputs related to cursor customization can also reduce risk. [1, 2]