CVE-2025-4774 – Elementor Premium Addons Stored Cross-Site Scripting Vulnerability

June 10, 2025

CVE ID : CVE-2025-4774

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4577 – Smash Balloon Social Post Feed – WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-43700 – Salesforce OmniStudio FlexCards Data Exposure Permission Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-4774 – Elementor Premium Addons Stored Cross-Site Scripting Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

Building Trust with Explainable AI: Why Transparency Is the Future of Intelligent Business🔍

CVE-2025-3260 – Grafana Dashboard Permission Bypass Vulnerability

SonicWall Issues Patch for SSRF Vulnerability in SMA1000 Appliances

CVE-2025-31242 – Apple iPadOS and macOS Private Data Exposure Vulnerability

The AI Mantra of All Time to Recite Now!

Apple names the best designed apps of 2025 – did your favorite make the list?

Opal – Optimizely’s AI-Powered Marketing Assistant

FastCGI Library Vulnerability Exposes Embedded Devices to Code Execution Attacks

CVE-2025-4774 – Elementor Premium Addons Stored Cross-Site Scripting Vulnerability

Related Posts