cleantalk
Vulnerabilities and Security Researches

130+ Widgets | Best Addons For Elementor – FREE, CVE-2025-15369

CVE, Research URL

CVE-2025-15369

Home page URL

Security reports for 130+ Widgets | Best Addons For Elementor – FREE

Application

130+ Widgets | Best Addons For Elementor – FREE

Published on
May 20, 2026
Research Description
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create published Xpro templates.
Affected versions
max 1.5.1.
Status
vulnerable
Previous vulnerability researches
Sticky Social Link (CVE-2024-34546) , Jun 10, 2024
Buooy Sticky Header (CVE-2024-51699) , Nov 08, 2024
Sticky Action Buttons (CVE-2025-14465) , Jan 10, 2026
Sticky (CVE-2026-6397) , May 22, 2026
WP Sticky Side Buttons (CVE-2025-39421) , Apr 19, 2025
New vulnerability
BLOGCHAT Chat System (CVE-2026-8420) , May 23, 2026
TypeSquare Webfonts for ConoHa (CVE-2026-8610) , May 23, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
Stripe Payment Plugin for WooCommerce (CVE-2026-45217) , May 22, 2026