Cloud Vulnerability DB
A community-led vulnerabilities database
Introducing Wiz for Exposure Management: Unify, prioritize, and remediate exposures everywhere.
Vulnerability DatabaseCVE-2025-7646
CVE-2025-7646:
WordPress vulnerability analysis and mitigation
Overview
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in versions up to and including 6.3.10. This vulnerability was discovered and disclosed on July 31, 2025 (Rapid7).
Technical details
The vulnerability exists due to improper neutralization of input during web page generation, specifically in the custom script parameter. The issue affects users even without the unfiltered_html capability, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts. The vulnerability has been assigned a CVSS score of 5.0 (AV:N/AC:L/Au:S/C:P/I:P/A:N) indicating moderate severity (Rapid7).
Impact
When exploited, this vulnerability allows authenticated attackers to inject malicious web scripts into pages that will execute whenever a user accesses the injected page. This can lead to potential data theft, session hijacking, or other client-side attacks against site visitors (Rapid7).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management