CVE-2025-26912

Summary

CVE-2025-26912 is a Cross-site Scripting (XSS) vulnerability affecting HashThemes Easy Elementor Addons. The flaw, which allows Stored XSS, resides in the application's input neutralization process during web page generation. Maliciously crafted data can be injected into the system, potentially leading to unauthorized script execution in users' browsers. This issue can put sensitive information at risk and allow attackers to steal cookies or session tokens. Easy Elementor Addons versions from n/a to 2.1.6 are reportedly affected. Users are recommended to update to a patched version as soon as possible to mitigate this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.