Arbitrary File Reading Vulnerability in Xpro Elementor Addons - Pro for WordPress
CVE-2025-0898

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 27 May 2026

What is CVE-2025-0898?

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading through its Draw SVG widget. The flaw allows authenticated attackers with Contributor-level access and above to read files on the server, potentially disclosing sensitive information. All versions up to and including 1.4.7 are affected.

Affected Version(s)

Xpro Elementor Addons - Pro 0 <= 1.4.7

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Rollings