Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2025-4774
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| Software | From | Fixed in |
|---|---|---|
Premium Addons for Elementor (Blog Post Listing, Mega Menu Builder, WooCommerce Products Grid, Carousel, Free Templates)
|
- | 4.11.9 |
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.6/assets/frontend/js/jquery-countdown.js#L97
- https://www.wordfence.com/threat-intel/vulnerabilities/id/024af9de-d4c7-43ec-a602-c45ded3ddad3
- https://www.wordfence.com/threat-intel/vulnerabilities/id/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve