4.3

CVE-2025-39589

WordPress Essential Addons for Elementor plugin <= 6.1.9 - Sensitive Data Exposure Vulnerability

Essential Addons for Elementor <= 6.1.9 - Authenticated (Contributor+) Information Disclosure

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
Mögliche Gegenmaßnahme
Essential Addons for Elementor – Popular Elementor Templates & Widgets: Update to version 6.1.10, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WpdeveloperEssential Addons For Elementor SwEditionlite SwPlatformwordpress Version < 6.1.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Essential Addons for Elementor – Popular Elementor Templates & Widgets
Version *-6.1.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.248
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
audit@patchstack.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://patchstack.com/database/Wordpress/Plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-sensitive-data-exposure-vulnerability?_s_id=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/434b140a-43b7-41bc-8cc2-ed82787b90c3
Third Party Advisory