5.3
CVE-2025-0968
- EPSS 0.35%
- Veröffentlicht 19.02.2025 12:15:31
- Zuletzt bearbeitet 25.02.2025 20:21:17
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.
Mögliche Gegenmaßnahme
ElementsKit Elementor Addons and Templates: Update to version 3.4.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ElementsKit Elementor Addons and Templates
Version
*-3.4.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpmet ≫ Elementskit Elementor Addons SwPlatformwordpress Version < 3.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.566 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.