cleantalk
Vulnerabilities and Security Researches

Jeg Elementor Kit, CVE-2025-9978

CVE, Research URL

CVE-2025-9978

Home page URL

Security reports for Jeg Elementor Kit

Application

Jeg Elementor Kit

Published on
Oct 24, 2025
Research Description
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
Affected versions
max 2.7.0.
Status
vulnerable
Previous vulnerability researches
Jeg Elementor Kit (CVE-2024-10308) , Nov 26, 2024
Jeg Elementor Kit (CVE-2024-8899) , Nov 26, 2024
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
Jeg Elementor Kit (CVE-2024-1326) , Jun 07, 2024
Jeg Elementor Kit (CVE-2022-3805) , Jun 07, 2024
New vulnerability
Verowa Connect (CVE-2025-58257) , Apr 25, 2026
Image Editor by Pixo (CVE-2025-58232) , Apr 25, 2026
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2799) , Apr 25, 2026
Kubio AI Page Builder (CVE-2025-8487) , Apr 25, 2026
PlayerJS (CVE-2025-58651) , Apr 25, 2026