Get Started

WordPress: Sensitive Information Exposure Vulnerability in ElementsKit Elementor Addons Plugin

by the Hossted team
19.02.2025

In ElementsKit Elementor addons plugin for WordPress versions 3.4.0 and prior a medium severity vulnerability CVE-2025-0968 was detected. This vulnerability allows unauthenticated attackers to view sensitive information, such as posts, pages, templates, drafts, trashed, and private items, due to missing capability checks on the get_megamenu_content() function. To address this issue, users should upgrade ElementsKit Elementor addons plugin to version 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0968.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR