Exclusive Addons for Elementor < 2.7.5 – Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | CVE 2024-10312 | Plugin Vulnerabilities

Description

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements/tabs/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Affects Plugins

exclusive-addons-for-elementor

Fixed in 2.7.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/dc931943-13f3-4ab1-b70f-c234253ca269

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Ankit Patel

Verified

No

WPVDB ID

2be4f2e0-8e53-4492-a686-b76db62099f0

Timeline

Publicly Published

2024-10-28 (about 1 year ago)

Added

2024-10-28 (about 1 year ago)

Last Updated

2024-10-29 (about 1 year ago)

Other

Published

Title

Published

2025-12-15

Title

Fancy Product Designer | WooCommerce WordPress < 6.5.0 - Unauthenticated Information Disclosure and PHAR Deserialization via 'url' Parameter

Published

2026-04-01

Title

W3 Total Cache < 2.9.4 - Unauthenticated Security Token Exposure via User-Agent Header

Published

2025-04-04

Title

1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure

Published

2023-11-30

Title

Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure

Published

2025-12-21

Title

Contact Form 7 Extension For Mailchimp < 0.9.69 - Authenticated (Contributor+) Information Exposure