What is the CVSS score of CVE-2025-69312?

CVE-2025-69312 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Xpro Xpro Elementor Addons are affected by CVE-2025-69312?

A critical vulnerability in the Xpro Elementor Addons plugin allows attackers to upload malicious files without restriction, potentially enabling complete website compromise and data breach.

How to fix or mitigate CVE-2025-69312?

Within 24 hours: Audit all systems using Xpro Elementor Addons and disable the plugin immediately if not mission-critical; enable file upload restrictions at the web server level. Within 7 days: Conduct forensic analysis of upload directories for suspicious files; implement Web Application Firewall rules blocking file uploads to affected plugin paths. Within 30 days: Evaluate alternative plugins; establish a vendor communication protocol for security updates; deploy file type validation controls independent of plugin functionality.

Xpro Xpro Elementor Addons CVE-2025-69312

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-01-22 audit@patchstack.com

File Upload

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 17:16 nvd

CRITICAL 9.1

DescriptionNVD

Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.

AnalysisAI

Xpro Elementor Addons WordPress plugin has an unrestricted file upload allowing attackers to upload dangerous file types through the Elementor builder integration.

Technical ContextAI

The Xpro Elementor Addons plugin has a CWE-434 unrestricted upload vulnerability that allows uploading files without proper type validation through the Elementor page builder integration.

Affected ProductsAI

Xpro Elementor Addons WordPress plugin

RemediationAI

Update the plugin. Restrict file upload types.

CVE-2025-69312 vulnerability details – vuln.today

Back

Xpro Xpro Elementor Addons CVE-2025-69312

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code