WordPress Plugin Vulnerabilities

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure

Description

The plugin discloses the MailChimp API key in pages with the MailChimp block, allowing unauthenticated users to obtain such key

Affects Plugins

Plugin icon
essential-addons-for-elementor-lite
Fixed in 5.8.2

References

CVE
CVE-2023-3779

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ulyses Saicha
Verified
No
WPVDB ID
c9c7e716-49c2-4b07-8c1c-9bf366573dff

Timeline

Publicly Published
2023-07-19 (about 2 years ago)
Added
2023-07-20 (about 2 years ago)
Last Updated
2023-07-20 (about 2 years ago)

Other

Published
Title
Published
2024-11-08
Title
CE21 Suite <= 2.2.0 - JWT Token Disclosure
Published
2026-01-21
Title
Salon booking system < 10.30.4 - Authenticated (Subscriber+) Information Exposure
Published
2022-04-23
Title
Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure
Published
2025-08-14
Title
EventON Lite < 2.4.8 - Authenticated (Contributor+) Information Disclosure
Published
2025-05-29
Title
Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms < 1.4.5 - Unauthenticated Full Path Disclosure