Primary

Context

WPZOOM Addons for Elementor Unauthenticated Protected Post Exposure Vulnerability

Vulnerability

Patched

A vulnerability exists in the WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress, in all versions through 1.3.2. The issue arises from a missing capability check in the 'ajax_post_grid_load_more' function, allowing unauthenticated attackers to access protected post titles and excerpts (draft, future, pending) that should not be available to them.

Impact

Exploitation of this vulnerability leads to unauthorized access to protected post information, including titles and excerpts of drafts, future, and pending posts.

Remediation

Users can update to version 1.3.3 or a newer patched version to address this vulnerability.

Added: Feb 11, 2026, 10:19 AM

Updated: Feb 11, 2026, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.7

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

2.7

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WPZOOM Addons for Elementor Unauthenticated Protected Post Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WPZOOM Addons for Elementor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating