CVE-2025-54212: 
Adobe InDesign vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the Magical Addons For Elementor WordPress plugin, tracked as CVE-2024-54212. The vulnerability was discovered and reported on December 6, 2024, affecting versions up to 1.2.6 of the plugin. This security issue stems from improper neutralization of input during web page generation (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue. According to the CVSS 3.1 scoring system, it received a base score of 5.4 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it at 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires low privileged access and user interaction to exploit (NVD, Patchstack).

The vulnerability allows attackers with contributor-level access or higher to store malicious scripts that can be executed when other users view the affected pages. This can lead to potential data theft, session hijacking, or other client-side attacks against WordPress site users (Wordfence).

Website administrators running affected versions of the Magical Addons For Elementor plugin should update to a version newer than 1.2.6 as soon as possible. If immediate updating is not possible, it is recommended to restrict access to the plugin's functionality to trusted administrators only (NVD).