Xpro Xpro Elementor Addons CVE-2025-69312
CRITICALSeverity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.
AnalysisAI
Xpro Elementor Addons WordPress plugin has an unrestricted file upload allowing attackers to upload dangerous file types through the Elementor builder integration.
Technical ContextAI
The Xpro Elementor Addons plugin has a CWE-434 unrestricted upload vulnerability that allows uploading files without proper type validation through the Elementor page builder integration.
Affected ProductsAI
Xpro Elementor Addons WordPress plugin
RemediationAI
Update the plugin. Restrict file upload types.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today