CVE-2025-9698

The Plus Addons for Elementor < 6.3.16 - Author+ Stored XSS

Description

The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks.

INFO

Published Date :

2025-10-13T06:00:07.225Z

Last Modified :

2025-10-14T20:25:25.025Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2025-9698 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9698.

URL	Resource
https://wpscan.com/vulnerability/a9539def-d92b-4117-b36a-17015c578d89/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact