WordPress: Stored XSS via Video Button and Countdown Widgets in Jeg Elementor Kit Plugin

In the Jeg Elementor Kit plugin for WordPress versions up to and including 2.6.12 a medium severity vulnerability CVE-2025-2944 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the plugin’s Video Button and Countdown Widgets, which, due to insufficient input sanitization and output escaping, execute whenever a user accesses a compromised page. To address this issue, users should upgrade the Jeg Elementor Kit plugin to versions 2.6.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2944.