Vulnerability Database

319,703

Total vulnerabilities in the database

CVE-2025-9703

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

Published: Oct 6, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-9703
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://wpscan.com/vulnerability/4332d49b-d58c-4728-afab-6757ff9e43ee/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo