CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

CVE ID : CVE-2025-6244

Published : July 8, 2025, 3:15 a.m. | 2 hours ago

Description : The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2025-42956 – SAP NetWeaver Cross-Site Scripting (XSS)

CVE-2025-6743 – WordPress Woodmart Stored Cross-Site Scripting Vulnerability

CVE-2025-6746 – WordPress WoodMart Plugin Local File Inclusion Vulnerability

CVE-2025-7166 – Code-projects Responsive Blog Site SQL Injection Vulnerability