CVE-2025-2330 – Elementor WidgetKit WordPress Stored Cross-Site Scripting

July 2, 2025

CVE ID : CVE-2025-2330

Published : July 2, 2025, 10:15 a.m. | 1 hour, 28 minutes ago

Description : The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘button+modal’ widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4946 – Vikinger WordPress Theme Arbitrary File Deletion Vulnerability

Next Article CVE-2025-27025 – Apache HTTP Server Directory Traversal File Read/Write Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-2330 – Elementor WidgetKit WordPress Stored Cross-Site Scripting

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CVE-2025-52776 – Thanhtungtnt Video List Manager Cross-site Scripting

Doom: The Dark Ages, Homeworld 3, and More Titles Now Supported by Nvidia’s Latest Driver with Dlss 4

9 Agentic AI Workflow Patterns Transforming AI Agents in 2025

CVE-2025-3599 – Symantec Endpoint Protection ERASER Engine Elevation of Privilege Vulnerability

ChatGPT Starts Speaking Like a Demon, Users Say It’s ‘Straight Out of a Horror Movie’

Valve just announced every Steam sale date from now until Summer 2026 — here’s exactly when you can save big bucks on the best PC games

CVE-2025-53382 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-45321 – Kashipara Online Service Management Portal SQL Injection Vulnerability

CVE-2025-2330 – Elementor WidgetKit WordPress Stored Cross-Site Scripting

Related Posts