Elementor Header & Footer Builder, CVE-2025-9703
- CVE, Research URL
- Application
- Published on
- Oct 06, 2025
- Research Description
- The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.
- Affected versions
-
max 2.5.0.
- Status
-
vulnerable