PT-2026-3237 · WordPress+1 · Essential Addons For Elementor+1
Shrikant Bhosale
·
Published
2026-01-16
·
Updated
2026-01-16
·
CVE-2026-1004
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Essential Addons for Elementor plugin for WordPress versions through 6.5.5
Description
The Essential Addons for Elementor plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can retrieve WooCommerce product information, including products with draft, pending, or private status, which should normally be restricted. This is possible through the
eael product quickview popup function.Recommendations
Update the Essential Addons for Elementor plugin to a version later than 6.5.5.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elementor
Essential Addons For Elementor