Primary

Context

Xpro Elementor Addons - Pro Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in the Xpro Elementor Addons - Pro plugin for WordPress, affecting all versions through 1.4.9. The issue arises in the custom PHP widget, where access controls are only applied on the client side. This flaw allows authenticated attackers with Contributor-level access or higher to execute arbitrary code on the server.

Impact

Exploitation of this vulnerability allows authenticated users with Contributor-level access and above to execute arbitrary code on the server, potentially leading to full site compromise.

Remediation

Users are advised to update the Xpro Elementor Addons - Pro plugin to version 1.4.10 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Xpro Elementor Addons - Pro Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating