Xpro Xpro Addons — 140+ Widgets For Elementor
12 CVEs affecting Xpro Xpro Addons — 140+ Widgets For Elementor. Latest disclosed: 2026-05-20. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-4471 | High | 8.0 | 2024-05-23 | The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deseriali… |
CVE-2025-13368 | Medium | 6.4 | 2026-04-04 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting… |
CVE-2026-2949 | Medium | 6.4 | 2026-04-04 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up to, and i… |
CVE-2025-14149 | Medium | 6.4 | 2026-02-27 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Scroller widget box link… |
CVE-2025-2108 | Medium | 6.4 | 2025-03-20 | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Site Title’ widget's 'title_tag'… |
CVE-2024-13649 | Medium | 6.4 | 2025-03-08 | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to… |
CVE-2024-7791 | Medium | 6.4 | 2024-08-27 | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post… |
CVE-2024-4440 | Medium | 6.4 | 2024-05-14 | The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions… |
CVE-2024-2250 | Medium | 6.4 | 2024-03-29 | The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions… |
CVE-2025-15369 | Medium | 5.3 | 2026-05-20 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the g… |
CVE-2024-12584 | Medium | 4.3 | 2025-01-08 | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including… |
CVE-2024-10319 | Medium | 4.3 | 2024-11-05 | The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including… |