First published: Wed Feb 19 2025(Updated: )
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wpmet ElementsKit Elementor Addons | <3.4.1 | |
ElementsKit | <=3.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-0968 is classified as a high severity vulnerability due to its potential for sensitive information exposure.
To fix CVE-2025-0968, update the ElementsKit Elementor addons plugin to version 3.4.1 or later.
CVE-2025-0968 affects all versions of the ElementsKit Elementor addons plugin for WordPress up to and including version 3.4.0.
CVE-2025-0968 is a vulnerability that allows for sensitive information exposure due to inadequate capability checks.
Yes, unauthenticated attackers can exploit CVE-2025-0968 to access sensitive information.