PT-2026-7511 · WordPress · Wpzoom Addons For Elementor – Starter Templates & Widgets

Craig Smith

Published

2026-02-11

Updated

2026-02-11

CVE-2026-2295

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WPZOOM Addons for Elementor – Starter Templates & Widgets versions prior to 1.3.3

Description The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the ajax post grid load more function. An unauthenticated attacker can retrieve protected post titles and excerpts (draft, future, pending) that should not be publicly accessible.

Recommendations Update WPZOOM Addons for Elementor – Starter Templates & Widgets to version 1.3.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-2295

Affected Products

Wpzoom Addons For Elementor – Starter Templates & Widgets

CVE-2026-2295

Weakness Enumeration

Related Identifiers

Affected Products

References · 8