PT-2026-42086 · WordPress · Xpro Addons

Alex Hickey

·

Published

2026-05-20

·

Updated

2026-05-20

·

CVE-2025-15369

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Xpro Addons — 140+ Widgets for Elementor versions prior to 1.5.1
Description The plugin is susceptible to unauthorized data modification because the get content editor() function lacks a proper capability check. This flaw allows unauthenticated attackers to create and publish Xpro templates.
Recommendations Update to a version later than 1.5.0. As a temporary workaround, restrict access to the get content editor() function to minimize the risk of exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-15369

Affected Products

Xpro Addons