Code injection

2023-07-2006:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

elementor

api key disclosure

vulnerability

mailchimp block

unauthenticated attackers

nvd

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site’s MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.

CPENameOperatorVersion
essential_addons_for_elementorle5.8.1

CPE	Name	Operator	Version
	essential_addons_for_elementor	le	5.8.1

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2938177%40essential-addons-for-elementor-lite&new=2938177%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/e007c713-74bc-4ff5-a198-70dcc8a8ee68?source=cve