Vulnerabilities

CVE-2025-9703

by Fred · 06/10/2025

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

More information : https://wpscan.com/vulnerability/4332d49b-d58c-4728-afab-6757ff9e43ee/

Similar

Tags: Cybersecurity Alert