cleantalk
Vulnerabilities and Security Researches

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders, CVE-2026-1004

CVE, Research URL

CVE-2026-1004

Home page URL

Security reports for Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Application

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders

Published on
Jan 16, 2026
Research Description
The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.
Affected versions
max 6.5.6.
Status
vulnerable
Previous vulnerability researches
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-2263) , Apr 13, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2024-0368) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2019-11872) , Jun 07, 2024
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-24998) , Feb 27, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2018-18576) , Jun 07, 2024
New vulnerability
WP-DownloadManager (CVE-2026-2426) , Apr 15, 2026
WP-DownloadManager (CVE-2026-2419) , Apr 15, 2026
Disable Admin Notices individually (CVE-2026-2410) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-2599) , Apr 15, 2026
Database for Contact Form 7, WPforms, Elementor forms (CVE-2026-0825) , Apr 15, 2026