CVE-2024-6455

MEDIUM EXPLOITED

ElementsKit Elementor addons <3.2.0 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2024-6455 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.0/modules/controls/widget-area-utils.php#L15

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve

Scores

CVSS v3 5.3

EPSS 0.0040

EPSS Percentile 31.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-08-08

CWE

CWE-200 CWE-862

Status published

Products (2)

roxnor/ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor < 3.2.0

wpmet/elements_kit_elementor_addons < 3.2.1

Published Jul 18, 2024

Tracked Since Feb 18, 2026