CVE-2021-44228 not using XPack, does exposure change?

Nothing in the security announcement for this issue is specific to which plugins you have installed or the number of nodes in your cluster.

You should follow the recommendations in that announcement.