WordPress Plugin Vulnerabilities

Premium Addons for Elementor < 4.11.54 - Unauthenticated Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
premium-addons-for-elementor
Fixed in 4.11.54

References

CVE
CVE-2025-68494
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8e13e57e-becf-4f03-bba2-e4584c84b95c

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mdr
Verified
No
WPVDB ID
3b041cbb-4712-4344-b28a-db3a4d06384a

Timeline

Publicly Published
2025-12-04 (about 5 months ago)
Added
2026-01-06 (about 4 months ago)
Last Updated
2026-01-06 (about 4 months ago)

Other

Published
Title
Published
2024-07-12
Title
Zephyr Project Manager < 3.3.100 - Unauthenticated Information Exposure
Published
2025-03-31
Title
GTM Kit < 2.4.1 - Unauthenticated Sensitive Information Exposure
Published
2024-08-12
Title
Order Export for WooCommerce < 3.24 - Unauthenticated Sensitive Information Exposure
Published
2025-12-15
Title
Fancy Product Designer | WooCommerce WordPress < 6.5.0 - Unauthenticated Information Disclosure and PHAR Deserialization via 'url' Parameter
Published
2025-07-29
Title
Atarim < 4.2.2 - Unauthenticated Information Exposure