PT-2026-3237 · WordPress+1 · Essential Addons For Elementor+1

Shrikant Bhosale

Publicado

2026-01-16

Atualizado

2026-01-16

CVE-2026-1004

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor plugin for WordPress versions through 6.5.5

Description The Essential Addons for Elementor plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can retrieve WooCommerce product information, including products with draft, pending, or private status, which should normally be restricted. This is possible through the eael product quickview popup function.

Recommendations Update the Essential Addons for Elementor plugin to a version later than 6.5.5.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-1004

Produtos afetados

Elementor

Essential Addons For Elementor

PT-2026-3237 · WordPress+1 · Essential Addons For Elementor+1

CVE-2026-1004

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11