cleantalk
Vulnerabilities and Security Researches

Business Contact Widget, CVE-2025-46529

CVE, Research URL

CVE-2025-46529

Home page URL

Security reports for Business Contact Widget

Application

Business Contact Widget

Published on
Apr 24, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StressFree Sites Business Contact Widget allows Stored XSS. This issue affects Business Contact Widget: from n/a through 2.7.0.
Affected versions
Min -, max 2.7.0.
Status
vulnerable
Previous vulnerability researches
Appsero Helper (CVE-2024-13436) , Mar 12, 2025
Appsero Helper (CVE-2025-39377) , Apr 26, 2025
New vulnerability
Aeropage Sync for Airtable (CVE-2025-3914) , Apr 27, 2025
Aeropage Sync for Airtable (CVE-2025-3915) , Apr 27, 2025
Add custom page template (CVE-2025-3491) , Apr 27, 2025
Ajax Comment Form CST (CVE-2025-3867) , Apr 27, 2025
Best Quiz Plugin for WordPress: WP Quiz (CVE-2025-46482) , Apr 27, 2025