{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4774", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T13:39:53.432Z", "datePublished": "2025-06-10T11:22:51.611Z", "dateUpdated": "2026-04-08T16:32:40.503Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:40.503Z"}, "affected": [{"vendor": "leap13", "product": "Premium Addons for Elementor \u2013 Powerful Elementor Templates & Widgets", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.11.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.6/assets/frontend/js/jquery-countdown.js#L97"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Asaf Mozes"}], "timeline": [{"time": "2025-05-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-06-09T22:02:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T14:03:02.801656Z", "id": "CVE-2025-4774", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T14:03:26.754Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-10T14:03:02.801656Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T14:03:11.739Z"}}], "cna": {"title": "Premium Addons for Elementor <= 4.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget", "credits": [{"lang": "en", "type": "finder", "value": "Asaf Mozes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "leap13", "product": "Premium Addons for Elementor \u2013 Powerful Elementor Templates & Widgets", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.11.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-06-09T22:02:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.6/assets/frontend/js/jquery-countdown.js#L97"}], "descriptions": [{"lang": "en", "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:40.503Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4774", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:32:40.503Z", "dateReserved": "2025-05-15T13:39:53.432Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-10T11:22:51.611Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2A8218EC-4CBA-4834-A414-EB9E8F11B1B0", "versionEndExcluding": "4.11.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Premium Addons para Elementor de WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo data-countdown del widget Countdown en todas las versiones hasta la 4.11.8 incluida, debido a una depuraci\u00f3n de entrada y un escape de salida insuficientes. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-4774", "lastModified": "2025-07-16T16:24:29.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-10T12:15:24.917", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.6/assets/frontend/js/jquery-countdown.js#L97"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:14:57.918698+00:00", "value": {"mitigation_remediation": ["Upgrade Premium Addons for Elementor to a version newer than 4.11.8 to eliminate the vulnerability.", "If an upgrade is not immediately possible, remove or disable the Countdown widget from all pages and sanitize any existing data\u2011countdown attributes to ensure they contain only numeric values.", "Restrict Contributor permissions to prevent unauthorized editing of widget attributes, or remove Contributor access if not required."], "summary": {"action": "Patch Update", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Every instance of the Leap13 Premium Addons for Elementor plugin for WordPress with a version of 4.11.8 or earlier is affected. Updating to any later release eliminates the vulnerability.", "description_and_impact": "The Premium Addons for Elementor plugin for WordPress allows an attacker who can authenticate with Contributor or higher privileges to inject arbitrary JavaScript into the data\u2011countdown attribute of the Countdown widget. Because the attribute is not properly sanitized or escaped, the malicious script is stored in the post content and rendered into the page. When any visitor loads that page, the script executes in their browser, allowing the attacker to run code in the context of the site for all users who view the affected page.", "risk_and_exploitability": "The vulnerability has a CVSS score of 6.4, indicating moderate severity, and an EPSS score of less than 1\u202f%, showing that wide\u2011scale exploitation is unlikely. It is not listed in the CISA KEV catalog. Exploitation requires authentication as a Contributor or higher and occurs through the authoring interface where a user can edit widget attributes. Once the malicious data\u2011countdown value is stored, it will run for every visitor to the page."}}}}, "created": "2026-04-28T11:15:26.099936+00:00", "updated": "2026-04-28T11:15:26.099946+00:00", "vendors": []}