Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Xpro — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting Xpro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

xpro operates as a specialized software solution, primarily utilized for enterprise workflow automation and data integration. Security audits reveal a concerning history of twenty-two recorded Common Vulnerabilities and Exposures, indicating persistent weaknesses in its development lifecycle. The most prevalent vulnerability classes include remote code execution and cross-site scripting, which allow attackers to compromise system integrity or steal sensitive user data. Additionally, instances of privilege escalation have been documented, enabling unauthorized users to gain administrative access. These flaws suggest inadequate input validation and insufficient access control mechanisms within the application architecture. While no single catastrophic incident has dominated public discourse, the cumulative effect of these vulnerabilities poses significant risk to organizations relying on the platform. Continuous patching and rigorous security testing are essential to mitigate these ongoing threats and ensure the stability of dependent business processes.

Top products by Xpro: Xpro Addons — 140+ Widgets for Elementor Xpro Elementor Addons Xpro Theme Builder Xpro Addons For Beaver Builder – Lite
CVE IDTitleCVSSSeverityPublished
CVE-2025-13368 Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-2949 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-04-04
CVE-2026-32395 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability — Xpro Addons For Beaver Builder – LiteCWE-862 5.3 Medium2026-03-13
CVE-2025-14149 Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2026-02-27
CVE-2025-69312 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability — Xpro Elementor AddonsCWE-434 9.1 Critical2026-01-22
CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2025-12-09
CVE-2025-58198 WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability — Xpro Theme BuilderCWE-862 6.5 Medium2025-08-27
CVE-2025-58195 WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2025-08-27
CVE-2025-48232 WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability — Xpro Addons For Beaver Builder – LiteCWE-79 6.5 Medium2025-05-19
CVE-2025-32201 WordPress Xpro Theme Builder Plugin <= 1.2.8.4 - Broken Access Control vulnerability — Xpro Theme BuilderCWE-862 4.3 Medium2025-04-04
CVE-2025-32163 WordPress Xpro Elementor Addons plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2025-04-04
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2025-03-20
CVE-2024-13649 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2025-03-08
CVE-2024-12584 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication — Xpro Addons — 140+ Widgets for ElementorCWE-200 4.3 Medium2025-01-08
CVE-2024-54253 WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2024-12-09
CVE-2024-10319 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template — Xpro Addons — 140+ Widgets for ElementorCWE-200 4.3 Medium2024-11-05
CVE-2024-7791 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Grid Widget — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-08-27
CVE-2024-43150 WordPress Xpro Elementor Addons plugin <= 1.4.4.2 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 6.5 Medium2024-08-12
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection — Xpro Addons — 140+ Widgets for ElementorCWE-502 8.0 High2024-05-23
CVE-2024-4440 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-05-14
CVE-2024-34570 WordPress Xpro Elementor Addons plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor AddonsCWE-79 5.9 Medium2024-05-08
CVE-2024-2250 130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for ElementorCWE-79 6.4 Medium2024-03-29

This page lists every published CVE security advisory associated with Xpro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.