CVE-2025-69312
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-69312, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-07-06
AI Q&A
2026-01-23
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
xpro xpro_elementor_addons to 1.4.19.1 (inc)
xpro xpro_elementor_addons 1.4.20

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-69312 is an Arbitrary File Upload vulnerability in the WordPress Xpro Elementor Addons Plugin (versions up to 1.4.19.1). It allows a malicious user with author or developer privileges to upload arbitrary files, including dangerous web shells, to the web server. This can enable unauthorized code execution and compromise the affected website. [1]

Impact Analysis

This vulnerability can lead to unauthorized execution of code on your website, allowing attackers to install backdoors or web shells. This can result in full site compromise, data theft, defacement, or further malicious activities on your server. [1]

Detection Guidance

Detection can involve checking if the vulnerable plugin version (<= 1.4.19.1) is installed and monitoring for arbitrary file uploads or web shells on the server. Specific commands are not provided in the resources, but typical approaches include scanning the web server directories for unexpected PHP or shell files and reviewing upload logs for suspicious activity. Patchstack provides mitigation rules that may help detect attack attempts. [1]

Mitigation Strategies

Immediately update the Xpro Elementor Addons plugin to version 1.4.20 or later, which resolves the vulnerability. Until updating, apply the Patchstack mitigation rule to block attacks targeting this vulnerability. Using Patchstack's automatic mitigation and auto-update options is also recommended to ensure rapid protection. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69312. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart