Elementor Header & Footer Builder, CVE-2025-9703
- CVE, Research URL
- Application
- Published on
- Oct 06, 2025
- Research Description
- The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.
- Affected versions
-
max 2.5.0.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Event Tickets Manager for WooCommerce – Events and Bookings Calendar, Registration, Event Check-in Using Emails, Edit Your T (CVE-2026-34898) , Apr 26, 2026 |