What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2023-3709.

What is the severity of CVE-2023-3709?

The severity of CVE-2023-3709 is medium with a severity value of 5.3.

How does the vulnerability CVE-2023-3709 affect the Royal Elementor Addons plugin for WordPress?

The vulnerability affects versions up to, and including, 1.3.70 of the Royal Elementor Addons plugin for WordPress.

What is the impact of the vulnerability CVE-2023-3709?

The vulnerability allows unauthenticated attackers to disclose the API key of the MailChimp block on any page running the plugin.

Is there a fix available for the vulnerability CVE-2023-3709?

Yes, there is a fix available for the vulnerability CVE-2023-3709. Updating to a version above 1.3.70 resolves the issue.

Vulnerability/
CVE-2023-3709

medium

5.3

CWE

200

18/7/2023

5/2/2025

CVE-2023-3709: Infoleak

First published: Tue Jul 18 2023(Updated: )

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
Royal Elementor Addons	<=1.3.70

Remedy

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2023-3709.
What is the severity of CVE-2023-3709?
The severity of CVE-2023-3709 is medium with a severity value of 5.3.
How does the vulnerability CVE-2023-3709 affect the Royal Elementor Addons plugin for WordPress?
The vulnerability affects versions up to, and including, 1.3.70 of the Royal Elementor Addons plugin for WordPress.
What is the impact of the vulnerability CVE-2023-3709?
The vulnerability allows unauthenticated attackers to disclose the API key of the MailChimp block on any page running the plugin.
Is there a fix available for the vulnerability CVE-2023-3709?
Yes, there is a fix available for the vulnerability CVE-2023-3709. Updating to a version above 1.3.70 resolves the issue.

collector/nvd-latest
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/royal-elementor-addons
canonical/royal elementor addons
version/royal elementor addons/1.3.70

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.