CVE-2026-7665
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Description
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-639
Source
NVD
External References
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L106
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L1601
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L197
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L292
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L106
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L1601
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L197
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L292
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L106
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1601
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L197
- https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L292
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3541534%40essential-addons-for-elementor-lite&new=3541534%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/861ece65-bee7-4124-b1a8-de9fb0c1cbc7?source=cve
Discussion (0)
Add Comment
No comments yet. Be the first!