CVE-2025-1319
Published: 28 February 2025
Summary
CVE-2025-1319 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Elementor Site Mailer. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 40.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of all user inputs to detect and reject malicious scripts, directly addressing the insufficient input sanitization causing this stored XSS vulnerability.
Mandates filtering and encoding of outputs to prevent execution of injected scripts when pages are accessed, countering the lack of output escaping in the vulnerable plugin.
Ensures timely identification, reporting, and patching of flaws like this stored XSS in the WordPress plugin, preventing exploitation through remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS enables browser session hijacking and theft of web session cookies via injected scripts.
NVD Description
The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it…
more
possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Deeper analysisAI
CVE-2025-1319, published on 2025-02-28, is a Stored Cross-Site Scripting (XSS) vulnerability (CWE-79) in the Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress. It affects all versions up to and including 1.2.3 due to insufficient input sanitization and output escaping. The vulnerability has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity with network accessibility, low attack complexity, no privileges or user interaction required, and changed scope.
Unauthenticated attackers can exploit this vulnerability remotely by injecting arbitrary web scripts through the plugin, which are then stored and executed in the context of affected pages whenever any user accesses them. This allows potential theft of session cookies, deflection of users to malicious sites, or other client-side attacks, resulting in low impacts to confidentiality and integrity.
Advisories and patch details are provided in references including WordPress plugin trac changeset 3247059, the plugin's developers page on WordPress.org, and Wordfence threat intelligence report at https://www.wordfence.com/threat-intel/vulnerabilities/id/c9fe3574-f338-474c-af78-f843501d422c?source=cve. Security practitioners should review these for specific mitigation steps, such as applying the patch or updating the plugin.
Details
- CWE(s)