CVE-2025-0968

EPSS 0.45%
Veröffentlicht 19.02.2025 12:15:31
Zuletzt bearbeitet 25.02.2025 20:21:17
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0  due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.

Mögliche Gegenmaßnahme

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor: Update to version 3.4.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpmet ≫ Elementskit Elementor Addons SwPlatformwordpress Version < 3.4.1

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Version *-3.4.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.358

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wordpress.org/plugins/elementskit-lite/#developers

Product

Release Notes

https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/modules/megamenu/api.php#L47

Product

https://plugins.trac.wordpress.org/changeset/3237243/

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-0968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0968

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-0968