PT-2025-27067 · WordPress · Pack Elementor

Matthew Rollings · Published 2025-06-27 · Updated 2025-07-08 · CVE-2025-6550

CVSS v3.1: 6.4 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: The Pack Elementor plugin for WordPress versions up to and including 2.1.3
Description: The issue is related to stored cross-site scripting, allowing authenticated attackers with contributor or higher access to inject arbitrary web scripts in pages. This is due to insufficient input sanitization and output escaping through the slider options parameter. The scripts will execute when a user accesses an injected page.
Recommendations: For versions up to and including 2.1.3, update to a version higher than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the slider options parameter to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-6550

Affected Products: Pack Elementor