216.73.217.98

CVE-2025-0898

· Published 27/05/2026 11:16 · Modified 27/05/2026 14:50

Labels: CVE-2025-0898 2026-05-27CVE-2025-0898CWE-73[email protected]

Essential information

Published
27/05/2026 11:16
Modified
27/05/2026 14:50
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / xpro elementor addons pro cpe:2.3:a:wordpress:xpro_elementor_addons_pro:*:*:*:*:*:wordpress:*:*

References