Ankit Patel

**Name of the Vulnerable Software and Affected Versions** Easy Elements for Elementor – Addons & Website Templates versions prior to 1.4.5 **Description** The plugin allows unauthenticated attackers to gain administrator access to a site through privilege escalation during user registration. This occurs because the `easyel handle register()` function fails to restrict the user roles that can be assigned during the registration process, enabling an attacker to specify the `administrator` role. **Recommendations** Update the plugin to a version later than 1.4.4. As a temporary workaround, restrict access to the user registration functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress versions up to, and including, 1.2.2 **Description** The issue is related to Stored Cross-Site Scripting via custom widgets due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.2, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to custom widget creation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Pricing Table by PickPlugins plugin for WordPress versions up to, and including, 1.12.10 **Description** The issue is related to Stored Cross-Site Scripting via the Button Link due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.12.10, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Jeg Elementor Kit plugin for WordPress versions prior to 2.6.12 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template data. This is possible via the `expired data` and `build content` functions. **Recommendations** For versions prior to 2.6.12, update to version 2.6.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `expired data` and `build content` functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress versions up to, and including, 1.4.7 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template data via the `render` function in `/includes/widgets/htevent sponsor.php`. This makes it possible for attackers to access sensitive information. **Recommendations** For versions up to, and including, 1.4.7, consider disabling the `render` function in `/includes/widgets/htevent sponsor.php` until a patch is available to prevent exploitation. Restrict access to the `/includes/widgets/htevent sponsor.php` file to minimize the risk of sensitive information exposure. Avoid using the `render` function for sensitive template data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates, via the `elementor-template` shortcode. This makes it possible to access confidential information. The vulnerability was partially patched in version 3.24.4. **Recommendations** For versions prior to 3.24.4, update to version 3.24.4 or later to partially mitigate the issue. For versions 3.24.4 through 3.25.10, update to version 3.25.11 or later to fully resolve the issue. As a temporary workaround, consider restricting access to the `elementor-template` shortcode until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress versions up to, and including, 1.6.4 **Description** The issue is related to Stored Cross-Site Scripting via HTML tags in several widgets due to insufficient input sanitization and output escaping. This allows authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.6.4, update to a version later than 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widgets until a patch is available. Avoid using the vulnerable plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.2 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data through the `register controls` function in `widgets/offcanvas-rometheme.php`. This enables the exposure of sensitive information. **Recommendations** For versions up to, and including, 1.5.2, consider disabling the `register controls` function in `widgets/offcanvas-rometheme.php` as a temporary workaround until a patch is available. Restrict access to the `widgets/offcanvas-rometheme.php` file to minimize the risk of exploitation. Avoid using the `register controls` function in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.10 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template data via the `render` function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for attackers to access confidential information. **Recommendations** For versions up to, and including, 1.13.10, consider disabling the `render` function in modules/modal-popup/widgets/modal-popup.php as a temporary workaround until a patch is available. Restrict access to the modal-popup module to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved. Update to a version later than 1.13.10 when available.

**Name of the Vulnerable Software and Affected Versions** RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier **Description** The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts due to insufficient restrictions on which posts can be included via the Popup block. **Recommendations** For RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier, update to a version later than 1.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Popup block for users with Contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Orbit Fox by ThemeIsle plugin for WordPress versions up to, and including, 2.10.43 **Description** The issue is related to Stored Cross-Site Scripting via the `title tag` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.10.43, consider disabling the `title tag` parameter until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution. Update to a version later than 2.10.43 once it becomes available, as it is expected to include fixes for this issue.

**Name of the Vulnerable Software and Affected Versions** BWD Elementor Addons plugin for WordPress versions up to and including 4.3.18 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data due to sensitive information exposure in the widgets/bwdeb-content-switcher.php file. **Recommendations** For versions up to and including 4.3.18, update to a version higher than 4.3.18 to resolve the issue. As a temporary workaround, consider restricting access to the `widgets/bwdeb-content-switcher.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** A potential issue is described, with references to cryptographic terms and error messages, including ‘TuringLock Active’ and ‘SYS-ERR’. The description also mentions a ‘Grandmother Exploit’, suggesting a possible exploitation method. However, without further details, the nature and impact of this issue are unclear. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Animation Addons for Elementor plugin for WordPress versions up to, and including, 1.1.6 **Description** The issue concerns the exposure of sensitive information in the Animation Addons for Elementor plugin for WordPress. This is possible through the `render` function in `widgets/content-slider.php` and `widgets/tabs.php`. Authenticated attackers with Contributor-level access and above can extract sensitive private, pending, and draft Elementor template data. **Recommendations** For versions up to, and including, 1.1.6, consider disabling the `render` function in `widgets/content-slider.php` and `widgets/tabs.php` as a temporary workaround until a patch is available. Restrict access to these widgets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ElementsReady Addons for Elementor versions up to, and including, 6.4.8 **Description** The issue allows authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data due to Sensitive Information Exposure in the inc/Widgets/accordion/output/content.php file. **Recommendations** For versions up to, and including, 6.4.8, update to a version later than 6.4.8 to resolve the issue. As a temporary workaround, consider restricting access to the inc/Widgets/accordion/output/content.php file until a patch is available. Restrict Contributor-level access and above to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.9 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to the `render content` function in `class/elements/views/class-tabs-view.php`. Recommendations: For versions up to, and including, 2.6.9, consider disabling the `render content` function in `class/elements/views/class-tabs-view.php` as a temporary workaround until a patch is available. Update to a version later than 2.6.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Stratum – Elementor Widgets plugin for WordPress versions up to, and including, 1.4.4 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data due to Sensitive Information Exposure. This is possible in the includes/templates/content-switcher.php file. **Recommendations** For versions up to, and including, 1.4.4, update the plugin immediately to a version above 1.4.4 to prevent exploitation. Additionally, review logs for suspicious activity to identify any potential breaches. As a temporary workaround, consider restricting access to the includes/templates/content-switcher.php file until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to, and including, 6.0.3 **Description** The issue concerns sensitive information exposure. Authenticated attackers with Contributor-level access and above can extract sensitive private, pending, and draft template data via the render function in modules/widgets/tp carousel anything.php, modules/widgets/tp page scroll.php, and other widgets. **Recommendations** For versions up to, and including, 6.0.3, update to a version higher than 6.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the render function in modules/widgets/tp carousel anything.php, modules/widgets/tp page scroll.php, and other widgets to minimize the risk of exploitation. Restrict access to sensitive private, pending, and draft template data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Magical Addons For Elementor plugin for WordPress versions up to, and including, 1.2.4 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data via the `get content type` function in `includes/widgets/content-reveal.php`. This makes it possible for attackers to access sensitive information. **Recommendations** For versions up to, and including, 1.2.4, update the plugin to the latest patched version immediately to prevent sensitive information exposure. As a temporary workaround, consider restricting access to the `get content type` function in `includes/widgets/content-reveal.php` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6 **Description** The issue is related to Sensitive Information Exposure, which makes it possible for authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is achieved via the render function in widgets/content-toggle/layout/frontend.php. **Recommendations** For versions up to, and including, 1.4.6, update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the render function in widgets/content-toggle/layout/frontend.php to minimize the risk of exploitation.