CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

April 26, 2025

CVE ID : CVE-2024-13808

Published : April 26, 2025, 5:15 a.m. | 2 hours, 14 minutes ago

Description : The Xpro Elementor Addons – Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1458 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Highlights

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3856

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Laravel in the First Half of 2025

Laravel in the First Half of 2025

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

GOnnect – easy to use VoIP client

GOnnect – easy to use VoIP client

Gnuinos – spin of Devuan Linux

5 Best Free and Open Source Backend Electronic Circuit Simulators

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

CVE-2025-53602 – Zipkin Spring Boot Actuator Heapdump Information Disclosure

CVE-2025-7068 – HDF5 Memory Leak Vulnerability

CLIP-UP: A Simple and Efficient Mixture-of-Experts CLIP Training Recipe with Sparse Upcycling

CVE-2025-38177 – Linux Kernel – Sch_hfsc Idempotent Vulnerability

OChess – chess game analysis software

CVE-2025-6375 – Poco Null Pointer Dereference Vulnerability

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

CodeSOD: Stop Being So ####

Error’d: Button, button, who’s got the button?

Coding a 3D Audio Visualizer with Three.js, GSAP & Web Audio API

CVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Related Posts