CVE-2025-67947
Published: 22 January 2026
Summary
CVE-2025-67947 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 13.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Validates web inputs to reject script-related content that could produce XSS.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS enables arbitrary JavaScript execution in browser (T1059.007) via malicious links typically delivered through phishing (T1566.002), facilitating session cookie theft (T1539).
NVD Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through <= 3.0.11.
Deeper analysisAI
CVE-2025-67947 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as CWE-79 (Cross-site Scripting), specifically a Reflected XSS issue in the AdForest Elementor WordPress plugin developed by scriptsbundle. The vulnerability affects all versions of the adforest-elementor plugin up to and including 3.0.11. It has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to network accessibility, low complexity, no required privileges, user interaction, and changed scope with low impacts on confidentiality, integrity, and availability.
Attackers can exploit this vulnerability remotely without authentication by crafting malicious inputs that are reflected back in web page generation. Exploitation requires a victim, such as a site administrator or user, to interact with a malicious link or input, typically via a phishing vector, which triggers script execution in the victim's browser context. Successful exploitation allows limited theft of sensitive data (e.g., session cookies), minor manipulation of page content, or disruption, leveraging the changed scope to affect the site's security context.
Patchstack's advisory at https://patchstack.com/database/Wordpress/Plugin/adforest-elementor/vulnerability/wordpress-adforest-elementor-plugin-3-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve details the vulnerability in the AdForest Elementor plugin version 3.0.11 and provides information on the XSS issue for mitigation guidance. Security practitioners should update to a patched version beyond 3.0.11 if available or apply input sanitization workarounds pending vendor fixes.
Details
- CWE(s)