| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13368 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-04-04 07:42:00 | Deep Dive |
| CVE-2026-2949 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-04-04 02:26:21 | Deep Dive |
| CVE-2026-32395 | WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability | Xpro | Xpro Addons For Beaver Builder – Lite | 中危 | - | 2026-03-13 11:42:11 | Deep Dive |
| CVE-2025-14149 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2026-02-27 06:43:49 | Deep Dive |
| CVE-2025-69312 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability | Xpro | Xpro Elementor Addons | - | - | 2026-01-22 16:52:32 | Deep Dive |
| CVE-2025-63044 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | - | - | 2025-12-09 14:52:31 | Deep Dive |
| CVE-2025-58198 | WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability | Xpro | Xpro Theme Builder | Medium | 6.5 | 2025-08-27 17:45:43 | Deep Dive |
| CVE-2025-58195 | WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2025-08-27 17:45:41 | Deep Dive |
| CVE-2025-48232 | WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | Xpro | Xpro Addons For Beaver Builder – Lite | Medium | 6.5 | 2025-05-19 14:44:49 | Deep Dive |
| CVE-2024-13808 | Xpro Elementor Addons - Pro <= 1.4.9 - Authenticated (Contributor+) Remote Code Execution | WPXpro | Xpro Elementor Addons - Pro | High | 8.8 | 2025-04-26 04:22:37 | Deep Dive |
| CVE-2025-32201 | WordPress Xpro Theme Builder Plugin <= 1.2.8.4 - Broken Access Control vulnerability | Xpro | Xpro Theme Builder | Medium | 4.3 | 2025-04-04 15:59:10 | Deep Dive |
| CVE-2025-32163 | WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2025-04-04 15:58:45 | Deep Dive |
| CVE-2025-2108 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2025-03-20 06:54:57 | Deep Dive |
| CVE-2024-13649 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2025-03-08 11:16:40 | Deep Dive |
| CVE-2024-12584 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 4.3 | 2025-01-08 06:41:39 | Deep Dive |
| CVE-2024-54253 | WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2024-12-09 12:44:05 | Deep Dive |
| CVE-2024-10319 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 4.3 | 2024-11-05 11:00:48 | Deep Dive |
| CVE-2024-7791 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget | xpro | Xpro Addons — 140+ Widgets for Elementor | Medium | 6.4 | 2024-08-27 10:59:49 | Deep Dive |
| CVE-2024-43150 | WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability | Xpro | Xpro Elementor Addons | Medium | 6.5 | 2024-08-12 22:12:09 | Deep Dive |
| CVE-2024-4471 | 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection | xpro | Xpro Addons — 140+ Widgets for Elementor | High | 8.0 | 2024-05-23 12:43:38 | Deep Dive |