CVE-2026-2949: Xpro Addons XSS Vulnerability (≤1.4.24)
Plattform
wordpress
Komponente
xpro-elementor-addons
Behoben in
1.4.25
CVE-2026-2949 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Xpro Addons — 140+ Widgets for Elementor plugin for WordPress. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which execute when a user accesses the injected page. The affected versions are up to and including 1.4.24. The vulnerability is fixed in version 1.4.25.
So beheben
Aktualisieren Sie auf Version 1.4.25 oder eine neuere gepatchte Version
Häufig gestellte Fragen
What is CVE-2026-2949?
CVE-2026-2949 is a stored Cross-Site Scripting (XSS) vulnerability in the Xpro Addons plugin for WordPress, allowing attackers to inject malicious scripts into website pages.
Am I affected by CVE-2026-2949?
You are affected if you are using the Xpro Addons plugin for WordPress, versions 1.4.24 or earlier. Authenticated users with contributor access can inject scripts.
How do I fix CVE-2026-2949?
To fix this vulnerability, update the Xpro Addons plugin to version 1.4.25 or later. This version contains the necessary security patch.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten