CVE-2025-3106
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Apr 18, 2025
Updated: Apr 21, 2025
CWE ID 79
Summary
CVE-2025-3106 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the LA-Studio Element Kit plugin for WordPress. The Table of Contents widget in versions up to 1.4.9 of the plugin is the source of the issue, which stems from insufficient sanitization and output escaping of user-supplied attributes. This flaw allows authenticated attackers with contributor-level access or higher to inject malicious web scripts. These scripts will execute whenever a user accesses a manipulated page.