CVE-2024-10365
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
| CWE | CWE-200 |
| Vendor | posimyththemes |
| Product | the plus addons for elementor – addons for elementor, page templates, widgets, mega menu, woocommerce |
| Published | Nov 20, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for posimyththemes the plus addons for elementor – addons for elementor, page templates, widgets, mega menu, woocommerce
Be the first to know when new medium vulnerabilities affecting posimyththemes the plus addons for elementor – addons for elementor, page templates, widgets, mega menu, woocommerce are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
posimyththemes / The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce
0 ≤ 6.0.3
References
Credits
Ankit Patel