CVE-2025-14275

Name of the Vulnerable Software and Affected Versions Jeg Elementor Kit versions up to and including 3.0.1

Description The Jeg Elementor Kit plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization within the countdown widget’s redirect functionality. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript code. This injected code will execute when an administrator or another user views the page containing the malicious countdown element. The vulnerable component is the countdown widget and its redirect functionality. The vulnerable parameter is the redirect URL within the countdown widget.

Recommendations Update Jeg Elementor Kit to a version beyond 3.0.1.