cleantalk
Vulnerabilities and Security Researches

ElementsKit Elementor addons, CVE-2025-0968

CVE, Research URL

CVE-2025-0968

Home page URL

Security reports for ElementsKit Elementor addons

Application

ElementsKit Elementor addons

Published on
Feb 19, 2025
Research Description
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.
Affected versions
Min -, max 3.4.1.
Status
vulnerable
Previous vulnerability researches
ElementsKit Elementor addons (CVE-2024-8546) , Sep 25, 2024
ElementsKit Elementor addons (CVE-2024-11180) , Mar 31, 2025
ElementsKit Elementor addons (CVE-2024-37255) , Jul 01, 2024
ElementsKit Elementor addons (CVE-2024-10091) , Oct 26, 2024
ElementsKit Elementor addons , Dec 27, 2024
New vulnerability
AI Search Bar (CVE-2025-31563) , Apr 04, 2025
Ship Per Product (CVE-2025-31773) , Apr 04, 2025
ContentBot AI Writer (ChatGPT, GPT3, GPT4) (CVE-2025-31818) , Apr 04, 2025
Oracle Cards Lite (CVE-2025-30852) , Apr 04, 2025
SCSS WP Editor (CVE-2025-31808) , Apr 04, 2025