CVE-2024-8978

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 6.0.9

Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including usernames and passwords of users who register via the Login | Register Form widget, as long as the user opens the email notification for successful registration. This is possible due to Sensitive Information Exposure in the init content register user email controls function.

Recommendations: For versions up to, and including, 6.0.9, consider disabling the init content register user email controls function as a temporary workaround until a patch is available. Restrict access to the Login | Register Form widget to minimize the risk of exploitation. Avoid using the widget for user registration until the issue is resolved. Update to a version later than 6.0.9 once it becomes available.