cleantalk
Vulnerabilities and Security Researches

Prime Addons for Elementor, CVE-2024-13855

CVE, Research URL

CVE-2024-13855

Home page URL

Security reports for Prime Addons for Elementor

Application

Prime Addons for Elementor

Published on
Feb 20, 2025
Research Description
The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only.
Affected versions
Min -, max 2.0.1.
Status
vulnerable
Previous vulnerability researches
Super Addons for Elementor (CVE-2024-51588) , Nov 04, 2024
Hoo Addons for Elementor (CVE-2024-51590) , Nov 04, 2024
Elementor Stripe Payment (2330171d2355b977f89e1cff36c18d815163ec0d) , Jun 07, 2024
Prime Addons for Elementor (CVE-2024-13855) , Feb 22, 2025
Drozd – Addons for Elementor (CVE-2024-52425) , Nov 17, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025