WordPress Xpro Addons For Elementor plugin <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'Site Title' widget vulnerability discovered by Prissy - Developer in WordPress Plugin Xpro Elementor Addons versions = 1.4.7.1...

Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure

The plugin does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. 1. curl 'http://example.com/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1' 2. curl -d view...