Remote Code Execution Vulnerability in Xpro Elementor Addons - Pro Plugin for WordPress
CVE-2024-13808
8.8HIGH
What is CVE-2024-13808?
The Xpro Elementor Addons - Pro plugin for WordPress is susceptible to a Remote Code Execution vulnerability in all versions up to and including 1.4.9. This flaw arises from insufficient server-side controls, allowing authenticated attackers with Contributor-level access or higher to execute arbitrary code on the server via the custom PHP widget. Proper server validation mechanisms are lacking, creating an opportunity for exploitation and potential compromise of the site.
Affected Version(s)
Xpro Elementor Addons - Pro * <= 1.4.9