WordPress · Essential Addons For Elementor · CVE-2026-7665
**Name of the Vulnerable Software and Affected Versions**
Essential Addons for Elementor versions prior to 6.6.5
**Description**
The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the `ajax load more()` function. This allows unauthenticated attackers to extract data from private, draft, or password-protected posts that should otherwise be inaccessible.
**Recommendations**
Update to a version later than 6.6.4.
As a temporary workaround, consider restricting access to the `ajax load more()` function until the update is applied.