The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,…
Wordfence·CWE-359·Published 2025-01-15
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
El complemento Elementor Addon Elements para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.13.10 incluida a través de la función "render" en modules/modal-popup/widgets/modal-popup.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales de plantillas privadas, pendientes, programadas y en borrador.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |