cvedb.io
CVE-2024-6455
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2024-07-18T21:15:02.683 · Last modified 2026-06-17T08:18:03.137

Summary

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.

Affected products

wpmet — elements_kit_elementor_addons

Does this affect you?

Add your gear to cvedb and we'll alert you only when wpmet ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.