Sensitive Information Exposure in All-in-One Addons for Elementor by WordPress
CVE-2024-10321

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: All-in-one Addons For Elementor – Widgetkit
Vendor: CVE Published:; 8 March 2025

Summary

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is exposed to sensitive information leakage, affecting all versions up to and including 2.5.4. The vulnerability exists in the elements/advanced-tab/template/view.php file, allowing authenticated attackers with Contributor-level access or higher to extract sensitive private, pending, and draft template data. This exposure could lead to unauthorized access to sensitive site content, highlighting the need for immediate updates and proper security measures to protect user data.

Affected Version(s)

All-in-One Addons for Elementor – WidgetKit * <= 2.5.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/widgetkit-for-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2025
Vulnerability Reserved
Oct 23, 2024

Credit

Ankit Patel