CVE-2025-14155

MEDIUM EXPLOITED NUCLEI

Premium Addons for Elementor - Info Disclosure

Title source: llm

Description

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates.

Nuclei Templates (1)

Premium Addons for Elementor - Unauthenticated Information Disclosure

MEDIUMVERIFIEDby DhiyaneshDk

References (5)

https://research.cleantalk.org/cve-2025-14155/

[Product] https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L1624

[Product] https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L90

[Patch] https://plugins.trac.wordpress.org/changeset/3416254/

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/135c33bb-5ec2-4697-9340-1d2651ff3a0b?source=cve

Scores

CVSS v3 5.3

EPSS 0.0068

EPSS Percentile 71.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2026-02-23

CWE

CWE-862

Status published

Products (2)

leap13/premium_addons_for_elementor < 4.11.54

leap13/Premium Addons for Elementor – Powerful Elementor Templates & Widgets < 4.11.53

Published Dec 23, 2025

Tracked Since Feb 18, 2026