Premium Addons for Elementor Unauthorized Data Access Vulnerability

Vulnerability

A vulnerability in the Premium Addons for Elementor plugin for WordPress allows unauthorized access to data. This issue arises from a missing capability check in the 'get_template_content' function, present in all versions up to and including 4.11.53. As a result, unauthenticated attackers can view the content of private, draft, and pending templates.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive template data, including private, draft, and pending content.

Reproduction

The vulnerability can be reproduced by sending an AJAX request to the 'wp_ajax_nopriv_get_elementor_template_content' action. This request must include the 'templateID' parameter, which can be the ID of any private, draft, or pending Elementor template. The absence of a capability check allows the request to be processed, even by unauthenticated users, resulting in the exposure of the requested template content.
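
For triage of sites that ran an affected version, the request described above can be looked for in web server access logs. The following is an added example, not code from the plugin or from this advisory: it assumes combined-format access logs, that the 'action' and 'templateID' parameters appear in the query string, and a hypothetical threshold of three distinct template IDs per client; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (documentation IP ranges, made-up template IDs).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Dec/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=101 HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [23/Dec/2025:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=102 HTTP/1.1" 200 17 "-" "curl/8.5.0"
203.0.113.7 - - [23/Dec/2025:10:01:04 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=103 HTTP/1.1" 200 8844 "-" "curl/8.5.0"
198.51.100.20 - - [23/Dec/2025:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Dec/2025:10:02:05 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=55 HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
192.0.2.9 - - [23/Dec/2025:10:03:00 +0000] "GET /blog/?templateID=9 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Action name: the hook from the advisory without its 'wp_ajax_nopriv_' prefix.
ACTION = "get_elementor_template_content"
# client, ident, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def template_requests(log_text):
    """Yield (client_ip, template_id, status) for requests to the AJAX action.

    Parameters sent in a POST body are not written to access logs, so only
    query-string parameters are visible here.
    """
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)
        if ACTION not in params.get("action", []):
            continue
        for template_id in params.get("templateID", []):
            yield ip, template_id, int(status)

def flag_enumeration(log_text, min_distinct_ids=3):
    """Return {ip: sorted IDs} for clients that fetched many distinct templates."""
    seen = defaultdict(set)
    for ip, template_id, status in template_requests(log_text):
        if status == 200:
            seen[ip].add(template_id)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= min_distinct_ids}

if __name__ == "__main__":
    for ip, ids in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} fetched {len(ids)} distinct templates: {', '.join(ids)}")
```

A single request with this action is not by itself an indicator; the threshold is there to separate ordinary page loads from a client walking through template IDs.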

Remediation

Users can update the Premium Addons for Elementor plugin to version 4.11.54 or later, where this vulnerability has been addressed.

Added: Dec 23, 2025, 10:28 AM
Updated: Dec 23, 2025, 3:28 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 9.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.