CVE-2025-2944 – Elementor Jeg Stored Cross-Site Scripting (XSS)

May 10, 2025

CVE ID : CVE-2025-2944

Published : May 10, 2025, 6:15 a.m. | 1 hour ago

Description : The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleVolumio is a music player operating system

Next Article CVE-2025-4496 – TOTOLINK CloudACMunualUpdate Buffer Overflow Vulnerability

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

Sam Altman says ChatGPT has evolved beyond a mere “Google replacement” — with ads potentially coming to users

What Are the PHP Trends in 2025

What Are the PHP Trends in 2025

Real-Time Observability for Node.js – Without Code Changes

Elevating API Automation: Exploring Karate as an Alternative to Rest-Assured

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

CVE-2025-2944 – Elementor Jeg Stored Cross-Site Scripting (XSS)

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Hackers Attacking Network Edge Devices to Compromise SMB Organizations

Microsoft celebrates 50th anniversary with a new Xbox Dynamic Background and more

DDoS-for-Hire Empire Dismantled as Poland Arrests Four, U.S. Seizes Nine Domains

CVE-2025-37818 – LoongArch Linux Kernel Invalid PMD Pointer Dereference Vulnerability

CVE-2025-32986 – NETSCOUT nGeniusONE Unauthenticated Sensitive File Access

The Secret Weapon Behind Successful Email Campaigns? Buy SMTP And Win Big!

Hackers Are Poisoning Google Search Results for AI Tools to Deliver Infostealer Malware

Google’s AI Mode just got more helpful – and easier to access

CVE-2025-2944 – Elementor Jeg Stored Cross-Site Scripting (XSS)

Related Posts