CVE-2025-24752 PoC — WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2025/CVE-2025-24752.yaml

Associated Vulnerability

Title:WordPress Essential Addons for Elementor plugin <= 6.0.14 - Reflected Cross Site Scripting (XSS) vulnerability (CVE-2025-24752)
Description:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.

Description

A Cross-Site Scripting (XSS) vulnerability exists in Essential Addons for Elementor Plugin for WordPress versions prior to 6.0.15. The vulnerability allows an attacker to inject malicious JavaScript payloads into web pages by exploiting insufficient input sanitization and output escaping in specific plugin components.

File Snapshot


 id: CVE-2025-24752

info:
  name: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
  a

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →