LogicalBreach Academy

CVE-2025-24752: Reflected XSS in popup-selector Parameter of Essential Addons for Elementor ≤ 6.0.14 | Free Bug Bounty Writeup | LogicalBreach Academy

Back

Cross-site Scripting (XSS) - Reflected (CWE-79)CVSS 5.1Easy

CVE-2025-24752: Reflected XSS in popup-selector Parameter of Essential Addons for Elementor ≤ 6.0.14

pyus3r

March 6, 2026

53 views

Save

€734

Vulnerability Summary

This writeup details a high-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-24752) discovered in the Essential Addons for Elementor plugin for WordPress (by WPDeveloper).

Censorship Note: All data (domains, paths, URIs, and variables) have been strictly anonymized using entirely fictional nomenclature (e.g., wp-business-portal.com). This report documents a vulnerability found within a simulated environment to guarantee 100% privacy for the original infrastructure.

This writeup details a high-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-24752) discovered in the Essential Addons for Elementor plugin for WordPress (by WPDeveloper).

The vulnerability was identified using WP-Reaper (v1.0), a specialized tool for detecting known CVEs in WordPress ecosystems. The detection was performed using the following command:

./wp-reaper-linux.bin -u https://wp-business-portal.com

Identification Required

You must be logged in to read this writeup. Join our community of researchers today.

Related Writeups

pyus3r

[Duplicate] Reflected XSS to Account Takeover (Credential Hijacking)

A critical Reflected Cross-Site Scripting (XSS) vulnerability was discovered in a captive WiFi portal, allowing an unauthenticated attacker to steal the credentials of any user connecting via a malicious URL.

Read Writeup →

Discussion

No comments yet.

Be the first to share your thoughts