2 matches found
CVE-2025-2108
creationtimestamp| type| source ---|---|--- 2025-03-20 07:20:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8178 2025-03-20 09:02:10+00:00| seen| https://t.me/cvedetector/20691 2025-03-20 09:03:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lksdomour...
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'titletag' and 'htmltag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This...