CVE-2025-2228

Medienbericht

EPSS 0.31%
Veröffentlicht 26.03.2025 12:41:17
Zuletzt bearbeitet 09.08.2025 01:46:19
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.

Mögliche Gegenmaßnahme

Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates: Update to version 1.6.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cyberchimps ≫ Responsive Addons For Elementor SwPlatformwordpress Version < 1.6.9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates

Version *-1.6.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
security@wordfence.com	5.7	2.1	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

09.08.2025 11:36

https://www.wordfence.com/threat-intel/vulnerabilities/id/659ef2e8-589c-4901-88ce-1d674c056ece?source=cve

Third Party Advisory

https://plugins.trac.wordpress.org/browser/responsive-addons-for-elementor/trunk/includes/modules-manager/login-register/class-login-register.php#L369

Product

https://plugins.trac.wordpress.org/changeset/3261241/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/659ef2e8-589c-4901-88ce-1d674c056ece

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-2228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-2228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-2228

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-2228