CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

July 8, 2025

CVE ID : CVE-2025-6244

Published : July 8, 2025, 3:15 a.m. | 3 hours, 36 minutes ago

Description : The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53616 – Apache HTTP Server SQL Injection

Next Article CVE-2025-53615 – Apache Struts Unvalidated Redirect to Malicious Site

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

What Makes Code Vulnerable – And How to Fix It

AI will boost the value of human creativity in financial services, says AWS

Google patches new Chrome zero-day bug exploited in attacks

CVE-2025-20278 – “Cisco Unified Communications Command Injection Vulnerability”

Want a free VPN? How to use ProtonVPN on Android without having to pay

CVE-2025-6859 – SourceCodester Best Salon Management System SQL Injection Vulnerability

CVE-2025-2896 – IBM Planning Analytics Cross-Site Scripting Vulnerability

Razer Iskur V2 drops to $399.99 — the gaming chair with the best lumbar support we’ve ever tested

CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

Related Posts