CVE-2025-9698

CVE-2025-9698: The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS

Vendor Unknown
Product The Plus Addons for Elementor
Published October 13, 2025
Last update October 14, 2025

CVSS base score

What the vulnerability does

01Description

The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

October 13, 2025 CVE published
October 14, 2025 Record updated