MEDIUM
xpro
CVE published 2026-05-20
CVE-2025-15369
A missing capability check in the Xpro Addons for Elementor WordPress plugin allows unauthenticated attackers to create published templates. The vulnerability exists in the `get_content_editor` function through version 1.5.0. No authentication is required to exploit this flaw, which could lead to unauthorized content injection on affected sites. The issue was disclosed on 2026-05-20 with a CVSS 3.1 score [truncated]