Summary: A critical security vulnerability has been identified in the Essential Addons for Elementor plugin used by over two million WordPress sites, posing a significant risk of Cross-Site Scripting (XSS) attacks. The flaw, tied to the “popup-selector” query argument, allows attackers to inject malicious scripts due to inadequate input validation. Developers have swiftly released a patch in version 6.0.15 to mitigate this threat, urging users to update immediately.
Affected: Essential Addons for Elementor
Key points:
- Vulnerability tracked as CVE-2025-24752, with a CVSS score of 7.1 indicating high risk.
- Attackers can exploit the vulnerability to inject harmful JavaScript, potentially stealing information or redirecting users.
- Patch version 6.0.15 introduces stringent validation for the “popup-selector” variable to block potential XSS attacks.
- All users are strongly urged to update to the latest version to enhance security.
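
The kind of strict validation described above can be sketched as an allowlist check on the "popup-selector" query argument. This is an added example, not the plugin's code or the 6.0.15 patch. The allowlist pattern, the length limit, the function names and the sample URLs are all assumptions made for illustration.

```javascript
// Added example: allowlist check for a selector-style query argument.
// The rules below are assumptions, not the validation shipped in version 6.0.15.

const PARAM = "popup-selector";
const MAX_LEN = 128; // assumed upper bound for a legitimate selector

// Accept only comma-separated simple id/class selectors, e.g. "#promo" or ".site-popup".
const SIMPLE_SELECTOR =
  /^[#.][A-Za-z_][A-Za-z0-9_-]*(\s*,\s*[#.][A-Za-z_][A-Za-z0-9_-]*)*$/;

function isSafePopupSelector(value) {
  return typeof value === "string" &&
    value.length > 0 &&
    value.length <= MAX_LEN &&
    SIMPLE_SELECTOR.test(value);
}

// Returns { present, value, safe } for one request URL or path.
function checkUrl(rawUrl, base = "https://example.test") {
  let url;
  try {
    url = new URL(rawUrl, base);
  } catch {
    return { present: false, value: null, safe: false };
  }
  if (!url.searchParams.has(PARAM)) {
    return { present: false, value: null, safe: true };
  }
  const value = url.searchParams.get(PARAM); // already percent-decoded
  return { present: true, value, safe: isSafePopupSelector(value) };
}

// Triage helper: keep only requests whose argument fails the allowlist.
function flagSuspicious(urls) {
  return urls.filter((u) => {
    const r = checkUrl(u);
    return r.present && !r.safe;
  });
}

// Constructed sample requests (not real traffic).
const SAMPLE = [
  "/pricing/?popup-selector=%23promo-modal",
  "/pricing/?popup-selector=.site-popup,%23second",
  "/pricing/?popup-selector=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E",
  "/pricing/?utm_source=mail",
];
console.log(flagSuspicious(SAMPLE)); // lists only the third sample
```

The same check can be run over request paths taken from access logs to see whether a site received values that are not plain selectors before it was updated.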