CVE-2025-9698
The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS
The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · The Plus Addons for ElementorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →