Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets

CVE Details

Basic Information

Title Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets
Type cve
Published 2025-08-01T04:24:30.095Z
Modified 2025-08-01T04:24:30.095Z

Product Information

Vendor jetmonsters
Product Stratum – Elementor Widgets
Version *

CVSS Information

Base Score 6.4 (MEDIUM)
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Analysis

AI Description This vulnerability allows authenticated attackers with contributor-level access to inject arbitrary scripts into pages via the Stratum – Elementor Widgets plugin’s Advanced Google Maps and Image Hotspot widgets. This can lead to stored cross-site scripting (XSS) attacks, executing scripts when users access the injected pages. The issue stems from insufficient input sanitization and output escaping.
AI Severity Medium
AI Vendor JetMonsters
AI Product Stratum – Elementor Widgets
AI Version 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0
AI Score 6.4

Affected Products

  • jetmonsters Stratum – Elementor Widgets *

Additional Information

CWE List CWE-79
Source Wordfence

Description

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
