Primary

Context

Elementor Website Builder Pro Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure exists in the Elementor Website Builder Pro plugin for WordPress, affecting all versions through 3.25.10. The issue arises from the 'elementor-template' shortcode, which authenticated attackers with Contributor-level access and above can exploit to access sensitive data. This includes the content of Private, Pending, and Draft Templates. Although version 3.24.4 partially addressed this vulnerability, it remains a concern in the subsequent release.

Impact

Exploitation of this vulnerability allows authenticated users with Contributor-level access and above to access sensitive template data, including Private, Pending, and Draft Templates.

Remediation

Users can update to version 3.25.11 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Elementor Website Builder Pro Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Elementor Website Builder Pro

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating