CVE-2023-4723

Summary

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.

Affected Software

VendorProductVersion RangeStatus
wpvibesAddon Elements for Elementor (formerly Elementor Addon Elements)0 <= 1.12.7affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References