cleantalk
Vulnerabilities and Security Researches

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders, CVE-2025-6244

CVE, Research URL

CVE-2025-6244

Home page URL

Security reports for Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Application

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Published on
Jul 08, 2025
Research Description
The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 6.1.20.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-31542) , Apr 02, 2025
My auctions allegro (CVE-2025-22733) , Jan 24, 2025
New vulnerability
Lightbox & Modal Popup WordPress Plugin – FooBox (CVE-2025-5537) , Jul 09, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-6244) , Jul 09, 2025
AI Engine (CVE-2025-5570) , Jul 09, 2025
Guest Support – Complete customer support ticket system for WordPress (CVE-2025-5957) , Jul 08, 2025
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025