The vulnerability CVE-2025-63044 affects Xpro Elementor Addons, specifically versions up to and including 1.4.19.1. It is a DOM-based Cross-site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The CVSS 3.1 base score is 6.5, indicating a medium severity with network attack vector, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality, integrity, and availability. No known exploits in the wild have been reported, and no patch or vendor advisory is currently available.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of data, or disruption of service. The CVSS vector indicates that the attack requires user interaction and some privileges, limiting the ease of exploitation but still posing a risk to affected systems.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting privileges and user interactions with untrusted content in the affected plugin. Monitor official Xpro channels for updates and apply patches promptly once available.