CVE-2025-13368 in Addons Plugin정보

요약 (영어)

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in all versions up to, and including, 1.4.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

책임이 있는

Wordfence

예약하다

2025. 11. 18.

공개

2026. 04. 04.

상태

확인됨

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디취약성CWE악용 대책CVE
355299Xpro Addons Plugin Pricing Widget 크로스 사이트 스크립팅79정의되지 않음정의되지 않음CVE-2025-13368

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

출처

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!