Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS. This issue affects King Addons for Elementor: from n/a through <= 51.1.61.
Published: 2025-10-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

King Addons for Elementor, a popular WordPress plugin, contains an input neutralization flaw that permits DOM‑based cross‑site scripting. The flaw allows injection of malicious scripts into the rendered page, potentially enabling attackers to steal sensitive information from users, deface content, or execute further code. The weakness is identified as CWE‑79.

Affected Systems

The vulnerability affects the King Addons for Elementor plugin from the earliest release through version 51.1.61. It is relevant to any WordPress installation that has this plugin enabled and utilizes the affected versions.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity. The EPSS score is below 1%, suggesting a low probability of exploitation at present, and the issue is not listed in the CISA KEV catalog. Nonetheless, XSS can be triggered when a user can supply content that is rendered by the plugin, so sites with wide user input exposure are at a higher risk. An attacker may inject code via form fields or content blocks that the plugin embeds directly into the page, thereby compromising all users who visit that page. The vulnerability remains exploitable until it is remediated by adding proper input sanitization or applying a patched version.

Generated by OpenCVE AI on April 29, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update King Addons for Elementor to the latest version (greater than 51.1.61).
  • If an update is not feasible, deactivate or uninstall the plugin to eliminate the attack vector.
  • Review and sanitize any content that may reach the plugin’s rendering mechanisms to prevent XSS injection.



Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS. This issue affects King Addons for Elementor: from n/a through <= 51.1.37.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS. This issue affects King Addons for Elementor: from n/a through <= 51.1.61.

Type: Title
Values Removed: WordPress King Addons for Elementor plugin <= 51.1.37 - Cross Site Scripting (XSS) vulnerability
Values Added: WordPress King Addons for Elementor plugin <= 51.1.61 - Cross Site Scripting (XSS) vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Tue, 28 Oct 2025 14:15:00 +0000

Type: Metrics
Values Added:
  • cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}
  • ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Oct 2025 22:30:00 +0000

Type: First Time appeared
Values Added:
  • Elementor
  • Elementor elementor
  • Kingaddons
  • Kingaddons king Addons For Elementor
  • Wordpress
  • Wordpress wordpress

Type: Vendors & Products
Values Added:
  • Elementor
  • Elementor elementor
  • Kingaddons
  • Kingaddons king Addons For Elementor
  • Wordpress
  • Wordpress wordpress

Mon, 27 Oct 2025 02:00:00 +0000

Type: Description
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KingAddons.com King Addons for Elementor king-addons allows DOM-Based XSS. This issue affects King Addons for Elementor: from n/a through <= 51.1.37.

Type: Title
Values Added: WordPress King Addons for Elementor plugin <= 51.1.37 - Cross Site Scripting (XSS) vulnerability

Type: Weaknesses
Values Added: CWE-79

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:04.978Z

Reserved: 2025-10-24T14:24:07.765Z

Link: CVE-2025-62887

Vulnrichment

Updated: 2025-10-27T15:22:25.400Z

NVD

Status: Deferred

Published: 2025-10-27T02:15:47.617

Modified: 2026-04-27T18:16:27.277

Link: CVE-2025-62887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:00:09Z

Weaknesses