← Back

CVE-2023-6582

nvd nist
Published: Jan 11, 2024Modified: Apr 8, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.

Affected (1)

Wpmet
1 product
Elements Kit Elementor Addons
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Elements Kit Elementor Addons
Before 3.0.4

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

Source: security@wordfence.com
Patch
Source: security@wordfence.com
Patch
Source: security@wordfence.com
Patch
Source: security@wordfence.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.