Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw

A critical security vulnerability in theEssential Addons for Elementorplugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters. The flaw, tracked as CVE-2025-24752 and scoring 7.1 (High) on the CVSS scale, allowed attackers to execute reflected cross-site scripting (XSS) attacks by exploiting insufficient input sanitization in the plugin’s password reset […] The post Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/millions-of-wordpress-websites-vulnerable/