Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates < 1.6.9 – Authenticated (Contributor+) Sensitive Information Exposure | CVE 2025-2228 | Plugin Vulnerabilities

Description

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.

Affects Plugins

responsive-addons-for-elementor

Fixed in 1.6.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/659ef2e8-589c-4901-88ce-1d674c056ece

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

6d38150d-d33e-48a0-b50d-42880b4bb5a9

Timeline

Publicly Published

2025-03-25 (about 1 year ago)

Added

2025-03-26 (about 1 year ago)

Last Updated

2025-03-26 (about 1 year ago)

Other

Published

Title

Published

2023-06-26

Title

EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 - Sensitive Data Disclosure

Published

2025-08-14

Title

B Slider - Gutenberg Slider Block for WP < 2.0.1 - Authenticated (Subscriber+) Sensitive Information Exposure

Published

2024-06-04

Title

LearnPress – WordPress LMS Plugin < 4.2.6.8.1 - Basic Information Disclosure via JSON API

Published

2025-09-22

Title

Helpie FAQ < 1.46 - Unauthenticated Sensitive Information Exposure

Published

2025-05-02

Title

Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files