Vulnerabilities > Wpxpro > Xpro Addons FOR Elementor > 1.4.6.1

DATE CVE VULNERABILITY TITLE RISK
2025-03-08 CVE-2024-13649 Cross-site Scripting vulnerability in Wpxpro Xpro Addons for Elementor
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping.
network
low complexity
wpxpro CWE-79
5.4
5.4
2025-01-08 CVE-2024-12584 Information Exposure vulnerability in Wpxpro Xpro Addons for Elementor
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function.
network
low complexity
wpxpro CWE-200
6.5
6.5
2024-12-09 CVE-2024-54253 Cross-site Scripting vulnerability in Wpxpro Xpro Addons for Elementor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1.
network
low complexity
wpxpro CWE-79
5.4
5.4