PT-2026-7511 · WordPress · Wpzoom Addons For Elementor – Starter Templates & Widgets

Craig Smith

Publicado

2026-02-11

Atualizado

2026-02-11

CVE-2026-2295

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor – Starter Templates & Widgets versions prior to 1.3.3

Description The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the ajax post grid load more function. An unauthenticated attacker can retrieve protected post titles and excerpts (draft, future, pending) that should not be publicly accessible.

Recommendations Update WPZOOM Addons for Elementor – Starter Templates & Widgets to version 1.3.3 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2026-2295

Produtos afetados

Wpzoom Addons For Elementor – Starter Templates & Widgets

PT-2026-7511 · WordPress · Wpzoom Addons For Elementor – Starter Templates & Widgets

CVE-2026-2295

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8