CVE-2025-7046 – Elementor & Image Gallery PowerFolio WordPress Stored Cross-Site Scripting Vulnerability

July 3, 2025

CVE ID : CVE-2025-7046

Published : July 4, 2025, 3:15 a.m. | 22 minutes ago

Description : The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin’s widgets in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The issue was partially fixed in version 3.2.0 and fully fixed in version 3.2.1

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7053 – Cockpit Cross-Site Scripting Vulnerability

Next Article CVE-2025-6814 – Booking X WordPress Unauthorized Data Access Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-7046 – Elementor & Image Gallery PowerFolio WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-5933 – WordPress RD Contacto CSRF Vulnerability

CVE-2025-5924 – “WordPress Firebase Push Notification CSRF”

ClassroomParent

CVE-2025-47102 – Adobe Experience Manager DOM-based Cross-Site Scripting (XSS)

CVE-2025-5014 – The Home Villas | Real Estate WordPress Theme File Deletion Vulnerability (Arbitrary File Deletion)

How to Build Your Own Local AI: Create Free RAG and AI Agents with Qwen 3 and Ollama

What you should care about from KubeCon London 2025

CVE-2025-2761 – GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

I test AI tools for a living. Here are 3 image generators I actually use and how

NiCE launches new branding as it shifts from CCaaS to CX-focused AI platform

CVE-2025-7046 – Elementor & Image Gallery PowerFolio WordPress Stored Cross-Site Scripting Vulnerability

Related Posts