CVE-2024-12140
Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to.
| CWE | CWE-200 |
| Vendor | aiwp |
| Product | elementor addons ai addons – 70 widgets, premium templates, ultimate elements |
| Published | Jan 7, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for aiwp elementor addons ai addons – 70 widgets, premium templates, ultimate elements
Be the first to know when new medium vulnerabilities affecting aiwp elementor addons ai addons – 70 widgets, premium templates, ultimate elements are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
aiwp / Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements
0 ≤ 2.2.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/accordion.php#L958 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/tab.php#L905
Credits
Nirmal