PT-2026-42086 · WordPress · Xpro Addons
Alex Hickey · Published 2026-05-20 · Updated 2026-05-20 · CVE-2025-15369
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Xpro Addons — 140+ Widgets for Elementor versions prior to 1.5.1
Description
The plugin is susceptible to unauthorized data modification because the get_content_editor() function lacks a proper capability check. This flaw allows unauthenticated attackers to create and publish Xpro templates.
Recommendations
Update to a version later than 1.5.0.
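To confirm whether an installation still falls in the affected range, the following added example (not code from the advisory or the plugin) reads the header of a plugin's main PHP file and compares its version with 1.5.1. Matching on "xpro" in the Plugin Name header and the constructed sample headers are assumptions.

```python
import re

FIXED = (1, 5, 1)  # first unaffected release according to the advisory
# Same "Field: value" header layout WordPress parses from a plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)\s*:\s*(.+?)\s*$", re.I | re.M)

def parse_header(php_source):
    """Return the 'plugin name' and 'version' header fields, first match wins."""
    fields = {}
    for key, value in HEADER.findall(php_source[:8192]):  # WordPress reads only the first 8 KB
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    """'1.5.0' -> (1, 5, 0); None when there is no leading numeric version."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group().split(".")) if m else None

def assess(php_source):
    """Classify a plugin file: not-applicable, unknown, affected or patched."""
    fields = parse_header(php_source)
    # Assumption: the plugin's header name contains "xpro".
    if "xpro" not in fields.get("plugin name", "").lower():
        return "not-applicable"
    found = version_tuple(fields.get("version"))
    if found is None:
        return "unknown"  # header present but no usable version: inspect manually
    width = max(len(found), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))  # so 1.5 compares as 1.5.0
    return "affected" if pad(found) < pad(FIXED) else "patched"

def sample_header(name, version_line):
    """Constructed sample input, not taken from the real plugin."""
    return f"<?php\n/**\n * Plugin Name: {name}\n{version_line} */\n"

if __name__ == "__main__":
    for ver in ("1.5.0", "1.5.1", "1.10.0"):
        src = sample_header("Xpro Addons - 140+ Widgets for Elementor", f" * Version: {ver}\n")
        print(ver, assess(src))
```

Run `assess()` over the contents of each plugin's main file under `wp-content/plugins/`; an "unknown" result means the header lacked a parsable version and the install needs a manual check.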
As a temporary workaround, restrict access to the get_content_editor() function to minimize the risk of exploitation.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Xpro Addons