Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Xpro — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting Xpro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Xpro:Xpro Addons — 140+ Widgets for ElementorXpro Elementor AddonsXpro Theme BuilderXpro Addons For Beaver Builder – Lite
CVE IDTitleCVSSSeverityPublished
CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-2949 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-32395 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability — Xpro Addons For Beaver Builder &#8211; LiteCWE-862 9.1 -2026-03-13
CVE-2025-14149 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-02-27
CVE-2025-69312 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability — Xpro Elementor AddonsCWE-434 8.8AIHighAI2026-01-22
CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.1AIMediumAI2025-12-09
CVE-2025-58198 WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability — Xpro Theme BuilderCWE-862 6.5 Medium2025-08-27
CVE-2025-58195 WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2025-08-27
CVE-2025-48232 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability — Xpro Addons For Beaver Builder &#8211; LiteCWE-79 6.5 Medium2025-05-19
CVE-2025-32201 WordPress Xpro Theme Builder Plugin <= 1.2.8.4 - Broken Access Control vulnerability — Xpro Theme BuilderCWE-862 4.3 Medium2025-04-04
CVE-2025-32163 WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2025-04-04
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2025-03-20
CVE-2024-13649 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2025-03-08
CVE-2024-12584 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication — Xpro Addons — 140+ Widgets for ElementorCWE-200 4.3 Medium2025-01-08
CVE-2024-54253 WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2024-12-09
CVE-2024-10319 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template — Xpro Addons — 140+ Widgets for ElementorCWE-200 4.3 Medium2024-11-05
CVE-2024-7791 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-08-27
CVE-2024-43150 WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2024-08-12
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection — Xpro Addons — 140+ Widgets for ElementorCWE-502 8.0 High2024-05-23
CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-05-14
CVE-2024-34570 WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 5.9 Medium2024-05-08
CVE-2024-2250 130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-03-29

This page lists every published CVE security advisory associated with Xpro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.