CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

April 26, 2025

CVE ID : CVE-2024-13808

Published : April 26, 2025, 5:15 a.m. | 2 hours, 14 minutes ago

Description : The Xpro Elementor Addons – Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1458 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-41231 – VMware Cloud Foundation Missing Authorization Vulnerability

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

CVE-2025-57801 – Gnark EdDSA/ECDSA Signature Malleability

Introducing Database Digest: Building Foundations for Success

What’s the point of Headless?

CVE-2025-4536 – Gosuncn Technology Group Audio-Visual Integrated Management Platform Remote Information Disclosure

CVE-2013-10057 – Synactis PDF In-The-Box ActiveX Control Stack-Based Buffer Overflow Vulnerability

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Related Posts