CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

July 8, 2025

CVE ID : CVE-2025-6244

Published : July 8, 2025, 3:15 a.m. | 3 hours, 36 minutes ago

Description : The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53616 – Apache HTTP Server SQL Injection

Next Article CVE-2025-53615 – Apache Struts Unvalidated Redirect to Malicious Site

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

10 Top React.js Development Service Providers For Your Next Project In 2026

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

A million customer conversations with AI agents yielded this surprising lesson

Bookworms: Don’t skip this Kindle Paperwhite Essentials bundle that’s on sale

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

Keyboard Testing in Accessibility Testing

Keyboard Testing in Accessibility Testing

Implementation of Custom Tables in Optimizely Configured Commerce

Token Limit – Monitor token usage in AI context files

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

Following Microsoft’s mass layoffs, Xbox Game Pass’ business viability is again being questioned — is Xbox’s biggest differentiator an albatross?

dano – hashdeep/md5tree for media files

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

CVE-2025-20694 – Intel Bluetooth Denial of Service Vulnerability

CVE-2025-20693 – Intel Wireless LAN STA Driver Out-of-Bounds Read Information Disclosure Vulnerability

CVE-2025-43858 – YouTubeDLSharp Windows Command Injection Vulnerability

CVE-2025-46820 – GitHub phpgt/Dom GitHub Token Disclosure

How undesired goals can arise with correct rewards

CVE-2025-34070 – GFI Kerio Control GFIAgent Authentication Bypass

How AI Further Empowers Value Stream Management

AI achieves silver-medal standard solving International Mathematical Olympiad problems

Coding Agents See 75% Surge: SimilarWeb’s AI Usage Report Highlights the Sectors Winning and Losing in 2025’s Generative AI Boom

CVE-2025-49181 – Apache Log Service Unauthenticated API Endpoint Information Disclosure and Configuration Modification Vulnerability

CVE-2025-6244 – Elementor – Stored Cross-Site Scripting in Calendar and Business Reviews Widgets

Related Posts