CVE-2025-54044: 
WordPress vulnerability analysis and mitigation

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the Elite Video Player WordPress plugin versions 10.0.5 and earlier. The vulnerability was publicly disclosed on July 22, 2025, and assigned the identifier CVE-2025-54044. This security flaw affects websites using the vulnerable versions of the Elite Video Player plugin (Patchstack, Wordfence).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, falling under the OWASP Top 10 category A3: Injection. It received a CVSS score of 7.1 (Medium severity), indicating a moderate level of risk. The vulnerability can be exploited by unauthenticated attackers, making it particularly concerning (Patchstack).

If successfully exploited, this vulnerability could allow malicious actors to inject harmful scripts, including redirects, advertisements, and other HTML payloads into affected websites. These malicious scripts would execute when visitors access the compromised site, potentially compromising user security and website integrity (Patchstack).

Website administrators are strongly advised to update the Elite Video Player plugin to version 10.0.7 or later, which contains the security fix. For users of Patchstack services, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).