CVE-2025-5944 – Elementor Element Pack Addons Stored Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-5944

Published : July 3, 2025, 5:15 a.m. | 2 hours, 3 minutes ago

Description : The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleDeepin Font Manager

Next Article Burn It With Fire: How to Eliminate an Industry-Wide Supply Chain Vulnerability

Highlights

CVE-2025-46827 – Graylog HTML Form Cookie Disclosure

May 7, 2025

CVE ID : CVE-2025-46827

Published : May 7, 2025, 4:15 p.m. | 3 hours, 29 minutes ago

Description : Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts. Additionally, an active Input must be present on the Graylog server that is capable of receiving form data (e.g. a HTTP input, TCP raw or syslog etc). Versions 6.0.14, 6.1.10, and 6.2.0 fix the issue. No known workarounds are available, as long as the relatively rare prerequisites are met.

Severity: 8.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-5944 – Elementor Element Pack Addons Stored Cross-Site Scripting

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

Building enterprise-scale RAG applications with Amazon S3 Vectors and DeepSeek R1 on Amazon SageMaker AI

I’ve sold on eBay for 25 years, and this new AI-powered listing tool is a game-changer

CVE-2025-7434 – Tenda FH451 Stack-Based Buffer Overflow Vulnerability

CVE-2014-125113 – Dell KACE K1000 System Management Appliance Unrestricted File Upload Vulnerability

CVE-2025-46827 – Graylog HTML Form Cookie Disclosure

CVE-2025-4488 – iSourcecode Gym Management System SQL Injection Vulnerability

HDF Compass – experimental viewer program for HDF5

OpenAI releases two open weight reasoning models

CVE-2025-5944 – Elementor Element Pack Addons Stored Cross-Site Scripting

Related Posts