The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encoding, leading to a Cross-Site Scripting vulnerability.
History
Mon, 06 Oct 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Elementor Elementor elementor Wordpress Wordpress wordpress | |
Vendors & Products | Elementor Elementor elementor Wordpress Wordpress wordpress | |

Mon, 06 Oct 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encoding, leading to a Cross-Site Scripting vulnerability. | |
Title | Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS | |
References | | |

Status: PUBLISHED
Assigner: WPScan
Published: 2025-10-06T06:00:05.327Z
Updated: 2025-10-06T06:00:05.327Z
Reserved: 2025-08-29T15:54:31.174Z
Link: CVE-2025-9703


Status : Awaiting Analysis
Published: 2025-10-06T06:15:37.177
Modified: 2025-10-06T14:56:21.733
Link: CVE-2025-9703
