CVE-2023-6582

CVE-2023-6582 affects ElementsKit Lite/Elementor addon for WordPress. The vulnerability is an unauthenticated Sensitive Information Exposure via the ekit_widgetarea_content function, allowing attackers to read posts in draft, private, or pending status when posts are created with Elementor. Affec...

WordPress Plugin ElementsKit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

ElementsKit Lite < 3.0.4 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be...

WordPress ElementsKit Pro Plugin <= 3.3.0 is vulnerable to Broken Access Control

Software ElementsKit Pro Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.6.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-39993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID b8963eeda442 Credits Rafie Muhammad Patchsta...

CVE-2021-24258 ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS

The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...