CVE-2025-46529 – StressFree Sites Business Contact Widget Stored Cross-Site Scripting Vulnerability

April 24, 2025

CVE ID : CVE-2025-46529

Published : April 24, 2025, 4:15 p.m. | 2 hours, 44 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in StressFree Sites Business Contact Widget allows Stored XSS. This issue affects Business Contact Widget: from n/a through 2.7.0.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46531 – Ankur Vishwakarma WP AVCL Automation Helper SSRF Vulnerability

Next Article CVE-2025-46530 – HuangYe WuDeng Hacklog Remote Attachment CSRF Stored XSS

Highlights

CVE-2025-2944 – Elementor Jeg Stored Cross-Site Scripting (XSS)

May 10, 2025

CVE ID : CVE-2025-2944

Published : May 10, 2025, 6:15 a.m. | 1 hour ago

Description : The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Credit Card Sins

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

The state of strategic portfolio management

Xbox Games Showcase reveals Indiana Jones and the Great Circle to get new DLC this fall

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

Final Fantasy VII Remake and Final Fantasy XVI are FINALLY launching for Xbox consoles — One of which is available right now!

Neobrutalism CSS Button Generator

Neobrutalism CSS Button Generator

How to Become a Node.js Backend Developer

Professor Rita McGrath on Leading in Times of Uncertainty

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Hindsite is a fast, lightweight static website generator

Orange Pi 5 Ultra and Max Single Board Computers Running Linux: Introduction

CVE-2025-46529 – StressFree Sites Business Contact Widget Stored Cross-Site Scripting Vulnerability

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Windows Remote Desktop Services Vulnerability Allows Remote Code Execution

lakm/laravel-comments

Unlocking BI Potential with DataGenie & MongoDB

CVE-2025-31258 – This issue was addressed by removing the vulnerabl

How Lumi streamlines loan approvals with Amazon SageMaker AI

CVE-2025-2944 – Elementor Jeg Stored Cross-Site Scripting (XSS)

My first experience with Bun

CVE-2025-2492: Critical ASUS Router Vulnerability Requires Immediate Firmware Update

Advanced tracing and evaluation of generative AI agents using LangChain and Amazon SageMaker AI MLFlow

CVE-2025-46529 – StressFree Sites Business Contact Widget Stored Cross-Site Scripting Vulnerability

Related Posts