CVE-2023-6582
ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.
| CWE | CWE-284 |
| Vendor | roxnor |
| Product | elementskit elementor addons – advanced widgets & templates addons for elementor |
| Published | Jan 11, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for roxnor elementskit elementor addons – advanced widgets & templates addons for elementor
Be the first to know when new medium vulnerabilities affecting roxnor elementskit elementor addons – advanced widgets & templates addons for elementor are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
roxnor / ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor
0 ≤ 3.0.3
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/modules/controls/widget-area-utils.php#L15 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/widgets/init/enqueue-scripts.php#L44 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3011323/elementskit-lite/trunk/modules/controls/widget-area-utils.php
Credits
Nex Team