CVE-2026-2373

Medium CVSS: 5.3

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract contents of non-public custom post types, such as Contact Form 7 submissions or WooCommerce coupons.

Vendor

Product

CWE

CWE-862

Yayın Tarihi

2026-03-17 04:16:14

Güncelleme

2026-03-17 14:20:01

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 MEDIUM 2026

Referanslar

https://plugins.trac.wordpress.org/changeset/3475656/ https://www.wordfence.com/threat-intel/vulnerabilities/id/c4192a7f-b962-46f9-a524-7271ed6f4917?source=cve