PT-2025-43583 · WordPress · Jeg Elementor Kit
Tony · Published 2025-10-24 · Updated 2025-10-24
CVE-2025-9978
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jeg Kit for Elementor WordPress plugin versions prior to 2.7.0
Description
The Jeg Kit for Elementor WordPress plugin does not properly sanitize SVG file contents when uploaded through the xmlrpc.php file, which can result in a cross-site scripting issue. The vulnerable upload process occurs when handling SVG files, potentially allowing an attacker to inject malicious code.
Recommendations
Update the Jeg Kit for Elementor WordPress plugin to version 2.7.0 or later.
XSS
Affected Products
Jeg Elementor Kit