Sensitive Information Exposure in Elementor Addon Elements for WordPress
CVE-2023-4723

5.3 MEDIUM

What is CVE-2023-4723?

The Elementor Addon Elements plugin for WordPress is vulnerable to sensitive information exposure through the ajax_eae_post_data function. The vulnerability affects all versions up to and including 1.12.7. It allows unauthorized users to retrieve post and page IDs and titles, including those of content marked as pending, draft, future, or private. Proper security measures should be enforced to mitigate this risk and protect sensitive data from being compromised.

Affected Version(s)

Addon Elements for Elementor (formerly Elementor Addon Elements): all versions up to and including 1.12.7

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka
Paolo Tresso