Description
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
Published: 2025-10-13
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Oct 2025 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}


Mon, 13 Oct 2025 06:15:00 +0000

Type Values Removed Values Added
Description The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
Title The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-10-14T20:25:25.025Z

Reserved: 2025-08-29T15:34:40.525Z

Link: CVE-2025-9698

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2025-10-13T06:15:42.677

Modified: 2026-06-17T10:09:33.490

Link: CVE-2025-9698

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.