King Addons for Elementor Unauthenticated API Key Disclosure Vulnerability
Vulnerability
A vulnerability exists in the King Addons for Elementor plugin for WordPress, affecting all versions up to and including 51.1.49. The plugin's 'render_full_form' function writes the configured API keys for Mailchimp, Facebook, and Google into the HTML source of the rendered page. Because that HTML is served to every visitor, unauthenticated attackers can extract these keys and secrets. The vulnerability requires the Premium license to be active.
Impact
Exploitation of this vulnerability leads to the unauthorized disclosure of API keys and secrets for Mailchimp, Facebook, and Google, potentially allowing attackers to misuse these credentials.
Remediation
Users can update to version 51.1.51 or a newer patched version to address this vulnerability.
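To check an installation against the versions named in this advisory, the added example below (not code from the plugin or its vendor) reads the `Version:` header from a plugin main file and classifies it. The sample header is constructed, and the "unlisted" label for versions between 51.1.49 and 51.1.51 is this example's own, since the advisory does not describe them.

```python
import re

LAST_AFFECTED = (51, 1, 49)  # advisory: all versions up to and including this
FIRST_PATCHED = (51, 1, 51)  # advisory: update to this version or newer

# Constructed sample of a WordPress plugin header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: King Addons for Elementor
 * Version: 51.1.49
 */
"""


def read_version(php_source):
    """Return the 'Version:' header value from a plugin main file, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def parse(version):
    """Turn '51.1.49' into (51, 1, 49); None if not purely dotted-numeric."""
    if not version or not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '51.2' to (51, 2, 0)


def classify(version):
    """Map a version string to vulnerable / patched / unlisted / unknown."""
    v = parse(version)
    if v is None:
        return "unknown"      # missing header or suffix such as '-beta'
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v >= FIRST_PATCHED:
        return "patched"
    return "unlisted"         # e.g. 51.1.50: the advisory names neither status


if __name__ == "__main__":
    found = read_version(SAMPLE_HEADER)
    print(f"installed version {found}: {classify(found)}")
```

A result of "unknown" or "unlisted" should be treated as not confirmed patched until the version is checked by hand.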
