{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3275", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-04T13:59:43.949Z", "datePublished": "2025-04-19T03:21:24.199Z", "dateUpdated": "2026-04-08T16:51:51.872Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:51.872Z"}, "affected": [{"vendor": "themesflat", "product": "Themesflat Addons For Elementor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.2.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ec73a61-9ae2-4e6f-b1fa-2d61f27d6809?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-flexslider.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3268183/themesflat-addons-for-elementor/tags/2.2.2/assets/js/tf-flexslider.js"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2025-04-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T02:42:27.121311Z", "id": "CVE-2025-3275", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:42:38.236Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3275", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T02:42:27.121311Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:42:33.594Z"}}], "cna": {"title": "Themesflat Addons For Elementor <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "themesflat", "product": "Themesflat Addons For Elementor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.2.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-18T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ec73a61-9ae2-4e6f-b1fa-2d61f27d6809?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-flexslider.js"}, {"url": "https://plugins.trac.wordpress.org/changeset/3268183/themesflat-addons-for-elementor/tags/2.2.2/assets/js/tf-flexslider.js"}], "descriptions": [{"lang": "en", "value": "The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:51.872Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3275", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:51:51.872Z", "dateReserved": "2025-04-04T13:59:43.949Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-19T03:21:24.199Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Themesflat Addons para Elementor para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del widget TF E Slider en todas las versiones hasta la 2.2.5 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-3275", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-19T04:15:22.540", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/assets/js/tf-flexslider.js"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3268183/themesflat-addons-for-elementor/tags/2.2.2/assets/js/tf-flexslider.js"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ec73a61-9ae2-4e6f-b1fa-2d61f27d6809?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:14:50.813212+00:00", "value": {"mitigation_remediation": ["Upgrade the Themesflat Addons For Elementor plugin to the latest release (v2.2.6 or newer) where the input validation and output escaping for the TF\u202fE\u202fSlider widget have been corrected.", "If an upgrade cannot be performed immediately, limit Contributor and higher roles to a least\u2011privilege level or remove the ability to edit or add widgets, and disable the TF\u202fE\u202fSlider widget on all affected pages.", "In the absence of an upgrade or role restriction, implement a content filter that removes disallowed HTML and script tags from widget inputs before they are stored in the database, ensuring only safe markup is rendered."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting that runs injected scripts for any user viewing the affected page"}, "threat_synthesis": {"affected_systems": "WordPress sites running Themesflat Addons For Elementor version 2.2.5 or earlier are affected. The vulnerability exists in all releases up to and including 2.2.5. Sites that use the plugin\u2019s slider widget set are at risk.", "description_and_impact": "The Themesflat Addons For Elementor plugin contains a stored XSS flaw in the TF\u202fE\u202fSlider widget. Insufficient sanitization and escaping allow an attacker with Contributor or higher access to embed JavaScript that will execute in the browser context of any visitor who loads the page that contains the widget.", "risk_and_exploitability": "The CVSS score of 6.4 indicates medium\u2011to\u2011high severity. The EPSS score of <1% suggests the probability of exploitation is low but not negligible. The flaw is not listed in the CISA KEV catalog; however, because it requires a Contributor or higher authenticated role, the threat is primarily to site administrators or content authors. Once injected, the malicious script automatically runs for every site visitor, potentially exposing session data or enabling further attacks."}}}}, "created": "2025-06-24T09:44:20.956903+00:00", "updated": "2026-04-21T21:15:45.453048+00:00", "vendors": ["themesflat", "themesflat$PRODUCT$themesflat_addons_for_elementor"]}