ThemesGrove All-in-One Addons for Elementor - WidgetKit
Moderate fix1 remedy
cpe:2.3:a:themesgrove:all-in-one_addons_for_elementor:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 2.5.4
All-in-One Addons for Elementor WidgetKit Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the All-in-One Addons for Elementor – WidgetKit plugin for WordPress, affecting all versions through 2.5.4. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes in the 'button+modal' widget. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Remediation
Users are advised to update the All-in-One Addons for Elementor – WidgetKit plugin to version 2.5.5 or a newer patched version.
Added: Jul 2, 2025, 10:19 AM
Updated: Jul 2, 2025, 10:19 AM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
6.1remediation
7.7relevance
0.2threat
3.2urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.