Medium severity6.4NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026
CVE-2025-14275
CVE-2025-14275
Description
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript that will execute when an administrator or other user views the page containing the malicious countdown element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.0.1
- Range: <= 3.0.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.