cleantalk
Vulnerabilities and Security Researches

Elementor Header & Footer Builder, CVE-2025-60448

CVE, Research URL

CVE-2025-60448

Home page URL

Security reports for Elementor Header & Footer Builder

Application

Elementor Header & Footer Builder

Published on
Oct 03, 2025
Research Description
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when the uploaded file is viewed.
Affected versions
max 2.5.0.
Status
vulnerable
Previous vulnerability researches
Elementor Header & Footer Builder (CVE-2025-9703) , Apr 26, 2026
Elementor Header & Footer Builder (CVE-2024-11230) , Dec 24, 2024
Elementor Header & Footer Builder (CVE-2024-10325) , Nov 09, 2024
Elementor Header & Footer Builder (CVE-2024-10050) , Oct 25, 2024
Elementor Header & Footer Builder (CVE-2025-60448) , Dec 10, 2025
New vulnerability
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-5035) , Apr 26, 2026
Elementor Header & Footer Builder (CVE-2025-9703) , Apr 26, 2026
Event Tickets Manager for WooCommerce – Events and Bookings Calendar, Registration, Event Check-in Using Emails, Edit Your T (CVE-2026-34898) , Apr 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2024-8860) , Apr 26, 2026
Responsive Lightbox & Gallery (CVE-2025-9710) , Apr 26, 2026