Xpro Addons — 140+ Widgets for Elementor

Vulnerabilities 18Slug xpro-elementor-addonsLatest version 1.5.3WordPress.org →

Minimum safe version

1.4.25

Update to 1.4.25 or later to address 18 fixable vulnerabilities

Latest available1.5.3 ✓

N/A

2026-04-03< 1.4.25

Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget

Wordfence CVE

Medium 6.4

2026-04-04< 1.4.21

CVE-2025-13368

CVE Wordfence

Medium 6.4

2026-02-27< 1.4.25

CVE-2025-14149

CVE Wordfence

Critical 9.1

2026-01-22< 1.4.20

CVE-2025-69312

CVE Wordfence

Medium 6.5

2025-12-09< 1.4.20

CVE-2025-63044

CVE Wordfence

Medium 6.5

2025-08-27< 1.4.18

CVE-2025-58195

CVE Wordfence EUVD

Medium 6.5

2025-04-04< 1.4.11

CVE-2025-32163

CVE Wordfence EUVD

Medium 6.4

2025-03-20< 1.4.8

140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget

EUVD Wordfence CVE

Medium 6.4

2025-03-08< 1.4.6.8

CVE-2024-13649

CVE EUVD Wordfence

Medium 4.3

2025-01-08< 1.4.6.3

CVE-2024-12584

CVE Wordfence

Medium 6.5

2024-12-09< 1.4.6.6

CVE-2024-54253

CVE Wordfence Patchstack

Medium 4.3

2024-11-05< 1.4.6.1

CVE-2024-10319

CVE Patchstack Wordfence

Medium 5.4

2024-08-27< 1.4.4.4

CVE-2024-7791

CVE Patchstack Wordfence

Medium 5.4

2024-08-12< 1.4.4.3

CVE-2024-43150

CVE Patchstack Wordfence

High 8.0

2024-05-24< 1.4.3.2

WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection

Patchstack CVE Wordfence

Medium 6.4

2024-05-15< 1.4.3.1

WordPress Xpro Elementor Addons Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence

Medium 4.8

2024-05-08< 1.4.3.1

CVE-2024-34570

CVE Patchstack Wordfence

Medium 6.4

2024-03-29< 1.4.3

CVE-2024-2250

CVE Wordfence Patchstack WPScan