EUVD-2025-32144

ID: EUVD-2025-32144

Severity: medium

CVSS v4: Not provided

CVSS v3: 4.3 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)

CWE: None listed

Source: ENISA

Description

The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encode, leading to a Cross-Site Scripting vulnerability.

Timestamps

Normalized: 2025-12-31T11:32:24Z UTC
Last updated: 2025-12-31T11:30:31Z UTC

References

No references provided.

VulnAI

EUVD-2025-32144

Description

Timestamps

References