CVE-2025-0968

Medium CVSS: 5.3

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.

Vendor

Wpmet

Product

Elementskit Elementor Addons

CWE

CWE-284

Yayın Tarihi

2025-02-19 12:15:31

Güncelleme

2025-02-25 20:21:17

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-284 Elementskit Elementor Addons MEDIUM Wpmet 2025

Referanslar

https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/modules/megamenu/api.php#L47 https://plugins.trac.wordpress.org/changeset/3237243/ https://wordpress.org/plugins/elementskit-lite/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve

Benzer Kayıtlar

Medium

CVE-2025-3614

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…

Medium

CVE-2025-4479

The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…

Medium

CVE-2025-46253

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit g…

Medium

CVE-2024-11180

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Tim…

Medium

CVE-2025-1506

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…

Medium

CVE-2025-1005

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Imag…