Back
Medium · CVSS 5.1Cross-site Scripting (XSS) - Reflected (CWE-79)

[EN] CVE-2025-24752: Reflected XSS in popup-selector Parameter of Essential Addons for Elementor ≤ 6.0.14

pyus3r
pyus3r
March 6, 2026
1
€367

Vulnerability Summary

This writeup details a high-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-24752) discovered in the Essential Addons for Elementor plugin for WordPress (by WPDeveloper).

Censorship Note: All data (domains, paths, URIs, and variables) have been strictly anonymized using entirely fictional nomenclature (e.g., wp-business-portal.com). This report documents a vulnerability found within a simulated environment to guarantee 100% privacy for the original infrastructure.

This writeup details a high-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-24752) discovered in the Essential Addons for Elementor plugin for WordPress (by WPDeveloper).

Identification Required

You must be logged in to read this writeup. Join our community of researchers today.

Sign InRegister
pyus3r
pyus3r
€2,240 Documented
Profile

21y/o Bug Bounty Hunter & Founder of Logical Breach Academy

Related Writeups

pyus3rpyus3r

[ES] CVE-2025-24752: Reflected XSS in popup-selector Parameter of Essential Addons for Elementor ≤ 6.0.14

Este writeup detalla una vulnerabilidad de severidad alta de Cross-Site Scripting Reflejado (XSS) (CVE-2025-24752) descubierta en el plugin Essential Addons for Elementor de WordPress (desarrollado por WPDeveloper).

Read Writeup →

Discussion

No comments yet. Be the first to share your thoughts.

Log in to join the discussion.

Sign In