What is CVE-2024-13808?

CVE-2024-13808 is a high-severity vulnerability in Wpxpro Xpro Elementor Addons - Pro, classified under Code Injection. CVSS score: 8.8/10. Published 2025-04-26.

How severe is CVE-2024-13808?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Wpxpro Xpro Elementor Addons - Pro

CVE-2024-13808

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who ca…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.009 (76.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Wpxpro Xpro Elementor Addons - Pro — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

www.wordfence.com/threat-intel/vulnerabilities/id/0833e55f-22aa-44c9-aff6-1f3b7…
elementor.wpxpro.com

Frequently asked questions

What is CVE-2024-13808?: CVE-2024-13808 is a high-severity vulnerability in Wpxpro Xpro Elementor Addons - Pro, classified under Code Injection. CVSS score: 8.8/10. Published 2025-04-26.
How severe is CVE-2024-13808?: High severity. CVSS v3 base score is 8.8 out of 10.