CVE-2023-6582

MEDIUM

ElementsKit Elementor addons <3.0.3 - Info Disclosure

Title source: llm

Description

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.

References (4)

Core 4

Core References

Patch

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/modules/controls/widget-area-utils.php#L15

Patch

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/widgets/init/enqueue-scripts.php#L44

Patch

https://plugins.trac.wordpress.org/changeset/3011323/elementskit-lite/trunk/modules/controls/widget-area-utils.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve

Scores

CVSS v3 5.3

EPSS 0.0052

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

roxnor/ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor < 3.0.3

wpmet/elements_kit_elementor_addons < 3.0.4

Published Jan 11, 2024

Tracked Since Feb 18, 2026