CVE-2025-9703

CVE-2025-9703: Ultimate Addons for Elementor Lite < 2.5.0 - Author+ Stored XSS

Vendor Unknown
Product Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder)
Published October 6, 2025
Last update October 6, 2025

CVSS base score

What the vulnerability does

01Description

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

Key dates

02Disclosure timeline

October 6, 2025 CVE published
October 6, 2025 Record updated