Security Advisory

CVE-2025-9978

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-24 06:00:09

Last updated 2026-01-09 20:11:33

Assigner WPScan

State PUBLISHED

Description

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.

← Browse all CVEs View on cve.org ↗