Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through <= 1.2.0.
Published: 2025-01-07
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input during web page generation that permits the execution of arbitrary JavaScript in the web browser of a site visitor. The plugin's output is vulnerable to DOM-based cross-site scripting, meaning that a crafted payload delivered through the plugin can run client-side code when the page is rendered. The effect of that code execution depends on the victim's context, but it can be used to collect sensitive information or modify page content. The weakness is classified as CWE-79.

The flaw does not provide an attacker with elevated privileges on the server or the ability to modify server-side files; the impact is limited to the client side of the web application. The CVSS score of 6.5 reflects a moderate severity based on the potential impact on users, while the EPSS score of <1% indicates that, at the time of this analysis, exploitation is considered unlikely. The vulnerability is not listed in the CISA KEV catalog.

Exploitation typically involves an attacker supplying a malicious payload that the plugin fails to sanitize, resulting in script execution when a visitor loads a page that includes the plugin's content. The attack would generally require the victim to view the affected page, which makes it a threat that depends on user interaction.

Affected Systems

The Alpha Price Table For Elementor plugin, supplied by Ali Ali, is affected in all releases from the beginning through version 1.2.0.

Risk and Exploitability

Exploitability is moderate, with a CVSS score of 6.5 reflecting the potential impact on users. The EPSS score of <1% indicates that, at the time of this analysis, exploitation is considered unlikely. The flaw is not listed in the CISA KEV catalog. The vulnerability manifests as DOM-based cross-site scripting: an attacker must supply a malicious payload that the plugin fails to sanitize, and when a visitor loads a page containing the plugin, the script executes in the visitor's browser. This client-side code can read cookies, modify page content, or launch phishing attacks. Because it relies on user interaction (the victim viewing a page) and does not affect the server or other sites, the risk is limited to the affected website's visitors.

Generated by OpenCVE AI on May 2, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Alpha Price Table For Elementor to a version newer than 1.2.0 once a fix is released.
  • Disable the plugin on any sites where an immediate update is not possible.
  • Ensure that any data rendered by the plugin is properly escaped or encoded to prevent script execution in browsers.

Advisories
Source: EUVD
ID: EUVD-2025-2782
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor alpha-price-table-for-elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through <= 1.2.0.
Title
  Removed: WordPress Alpha Price Table For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
  Added: WordPress Alpha Price Table For Elementor plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Tue, 07 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jan 2025 17:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS. This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8.
Title WordPress Alpha Price Table For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:00.308Z

Reserved: 2025-01-07T10:22:25.314Z

Link: CVE-2025-22500

Vulnrichment

Updated: 2025-01-07T17:55:57.886Z

NVD

Status: Deferred

Published: 2025-01-07T17:15:33.657

Modified: 2026-06-17T08:47:47.830

Link: CVE-2025-22500

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T11:30:41Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')