CVE-2025-69312
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69312
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
xpro xpro_elementor_addons to 1.4.19.1 (inc)
xpro xpro_elementor_addons 1.4.20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69312 is an Arbitrary File Upload vulnerability in the WordPress Xpro Elementor Addons Plugin (versions up to 1.4.19.1). It allows a malicious user with author or developer privileges to upload arbitrary files, including dangerous web shells, to the web server. This can enable unauthorized code execution and compromise the affected website. [1]

Impact Analysis

This vulnerability can lead to unauthorized execution of code on your website, allowing attackers to install backdoors or web shells. This can result in full site compromise, data theft, defacement, or further malicious activities on your server. [1]

Detection Guidance

Detection can involve checking if the vulnerable plugin version (<= 1.4.19.1) is installed and monitoring for arbitrary file uploads or web shells on the server. Specific commands are not provided in the resources, but typical approaches include scanning the web server directories for unexpected PHP or shell files and reviewing upload logs for suspicious activity. Patchstack provides mitigation rules that may help detect attack attempts. [1]

Mitigation Strategies

Immediately update the Xpro Elementor Addons plugin to version 1.4.20 or later, which resolves the vulnerability. Until updating, apply the Patchstack mitigation rule to block attacks targeting this vulnerability. Using Patchstack's automatic mitigation and auto-update options is also recommended to ensure rapid protection. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69312. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart