Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Xpro Addons — 140+ Widgets for Elementor — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in Xpro Addons — 140+ Widgets for Elementor, with AI-generated Chinese analysis, references, and POCs.

Vendor: xpro

CVE IDTitleCVSSSeverityPublished
CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2026-04-04
CVE-2026-2949 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget CWE-79 6.4 Medium2026-04-04
CVE-2025-14149 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link CWE-79 6.4 Medium2026-02-27
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget CWE-79 6.4 Medium2025-03-20
CVE-2024-13649 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-03-08
CVE-2024-12584 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication CWE-200 4.3 Medium2025-01-08
CVE-2024-10319 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template CWE-200 4.3 Medium2024-11-05
CVE-2024-7791 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget CWE-79 6.4 Medium2024-08-27
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection CWE-502 8.0 High2024-05-23
CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CWE-79 6.4 Medium2024-05-14
CVE-2024-2250 130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-03-29

All 11 known CVE vulnerabilities affecting Xpro Addons — 140+ Widgets for Elementor with full Chinese analysis, references, and POCs where available.