CVE-2025-4943

Published
View on NVD ↗
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

LA-Studio Element Kit for Elementor
LA-Studio Element Kit for Elementor
<p>LA-Studio Kit is an ultimate All in one addons for Elementor Page Builder, it will help you create a perfect website using Elementor.</p> <h3>KEY FEATURES</h3> <ul> <li>Header Footer Builder</li> <li>Theme Builder</li> <li>Archive Page Builder</li> <li>Search Result Page Builder</li> <li>50+ Free Widgets</li> <li>35+ Ready Pages</li> <li>50+ Ready Sections</li> <li>WooCommerce Widgets</li> <li>Cross-Browser Compatible</li> <li>Fully Responsive</li> <li>Expert Support Team</li> <li>Build with Elementor</li> <li>and more &#8230;</li> </ul> <h3>SUPPORT</h3> <p><strong>Found issue or new features? <a href="https://la-studioweb.com/contact-us/" rel="nofollow ugc">Contact our team from here</a></strong>.</p>
WordPress Plugin DirectoryWordPress Plugin Directory
221K