Description

The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross-site scripting vulnerability.

PUBLISHED Reserved 2025-09-04 | Published 2025-10-24 | Updated 2025-10-24 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

Product status

Default status: unaffected

Any version before 2.7.0: affected

Credits

Tony (finder)

WPScan (coordinator)

References

wpscan.com/...rability/cef78a77-c66d-4d62-8d49-140ca2d04d5b/ exploit vdb-entry technical-description

cve.org (CVE-2025-9978)

nvd.nist.gov (CVE-2025-9978)
