PT-2026-27061 · Elementor+4
Ulyses Saicha · Published 2026-03-23 · Updated 2026-03-23 · CVE-2025-13997
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
King Addons for Elementor versions through 51.1.49
Description
The King Addons for Elementor plugin for WordPress is susceptible to unauthenticated disclosure of API keys. The plugin adds API keys to the HTML source code through the render full form function, potentially allowing unauthenticated attackers to extract Mailchimp, Facebook, and Google API keys and secrets. This requires a Premium license to be installed. Reports indicate offensive activities targeting this issue.
Recommendations
Versions prior to and including 51.1.49 should be updated.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
Facebook
Google
Qi Addons For Elementor
Mailchimp