CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

April 26, 2025

CVE ID : CVE-2024-13808

Published : April 26, 2025, 5:15 a.m. | 2 hours, 14 minutes ago

Description : The Xpro Elementor Addons – Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1458 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Apple Patches Flaw Exploited in Zero-click Paragon Spyware Attacks

I just tested a smart cooler and can never go back to toting ice (and it’s $100 off)

Supercharging Workflows with AI Agent and Copilot Development🚀

CVE-2025-47827 – IGEL OS Boot Signature Verification Bypass

CVE-2025-48827 – vBulletin Unauthenticated API Controller Method Invocation Vulnerability

Blu-ray exploits could allow computer malware infection

CVE-2025-49007 – Apache Rack Denial of Service Vulnerability

Why AI-Led Experiences Are the Future — And How Sitecore Stream Delivers Them

CVE-2025-46724 – Langroid TableChatAgent Code Injection Vulnerability

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Related Posts