Security Advisory

CVE-2025-9703

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-06 06:00:05

Last updated 2025-10-06 19:06:35

Assigner WPScan

State PUBLISHED

Description

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

← Browse all CVEs View on cve.org ↗