CVE-2025-9698 - Vulnerability Details

The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://wpscan.com/vulnerability/a9539def-d92b-4117-b36a-17015c578d89/

History

Mon, 13 Oct 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
Title		The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
References		https://wpscan.com/vulnerability/a9539def-d92b-4117-b36a-17015c578d89/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-10-13T06:00:07.225Z

Updated: 2025-10-13T06:00:07.225Z

Reserved: 2025-08-29T15:34:40.525Z

Link: CVE-2025-9698

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-13T06:15:42.677

Modified: 2025-10-13T06:15:42.677

Link: CVE-2025-9698

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object