CVE-2025-9045: 
WordPress vulnerability analysis and mitigation

The Easy Elementor Addons plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in versions 2.2.8 and earlier. The vulnerability was discovered and disclosed on October 3, 2025, and is tracked as CVE-2025-9045. The issue affects several widget parameters in the plugin due to insufficient input sanitization and output escaping (NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 Base Score of 6.4 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and affecting changed scope (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page, potentially leading to unauthorized actions, data theft, or session hijacking (NVD).

Users should upgrade to a version newer than 2.2.8 when available. Until then, it is recommended to restrict access to the WordPress dashboard to trusted users only and regularly monitor for any suspicious activities (NVD).