Unauthorized Data Access in Envo's Templates & Widgets for Elementor and WooCommerce Plugin
CVE-2026-11600
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2026-11600?
The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is susceptible to unauthorized data exposure. This arises from a lack of an authorization check in the Envo Tabs widget, particularly affecting versions up to 1.4.26. Authenticated users with Author-level access or higher can manipulate the widget to disclose the contents of private Elementor pages by passing compromised post IDs into publicly accessible locations. This flaw permits unauthorized visitors to view sensitive private data, significantly impacting user privacy and data security.
Affected Version(s)
Envo's Templates & Widgets for Elementor and WooCommerce 0 <= 1.4.26