CVE-2023-6582

Name of the Vulnerable Software and Affected Versions ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.3

Description The issue allows unauthenticated attackers to obtain contents of posts in draft, private, or pending review status that should not be visible to the general public. This applies to posts created with Elementor only. The ekit widgetarea content function is involved in this issue.

Recommendations For versions up to, and including, 3.0.3, update to a version later than 3.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the ekit widgetarea content function until a patch is available.