CVE-2025-8100: 
WordPress vulnerability analysis and mitigation

The Element Pack Elementor Addons and Templates plugin for WordPress (versions up to and including 8.1.5) contains a Stored Cross-Site Scripting vulnerability identified as CVE-2025-8100. The vulnerability was discovered on August 5, 2025, and publicly disclosed on August 6, 2025. The issue affects the 'marker_content' parameter in the plugin's functionality due to insufficient input sanitization and output escaping (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation). The issue specifically affects the 'marker_content' parameter, where insufficient input validation allows for the injection of malicious scripts (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These injected scripts will execute whenever a user accesses the affected page, potentially leading to unauthorized actions, data theft, or other malicious activities (NVD).

Users should update their Element Pack Elementor Addons and Templates plugin to a version newer than 8.1.5 when available. Until then, it is recommended to restrict access to the plugin's functionality to trusted users only and monitor for suspicious activity (NVD).