Skip to main content

Essential Addons For Elementor CVE-2024-3733

MEDIUM
Information Exposure (CWE-200)
2024-04-25 security@wordfence.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch released
Apr 08, 2026 - 18:22 nvd
Patch available
CVE Published
Apr 25, 2024 - 09:15 nvd
MEDIUM 5.3

DescriptionCVE.org

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status.

AnalysisAI

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status. Affected products include: Wpdeveloper Essential Addons For Elementor.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-32243 CRITICAL POC
9.8 May 12

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.4.0 thro

CVE-2024-3018 HIGH
8.8 Mar 30

The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and

CVE-2024-1536 HIGH
7.4 Mar 13

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-4448 MEDIUM
6.4 May 14

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-5073 MEDIUM
6.4 May 30

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-4624 MEDIUM
6.4 May 14

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPres

CVE-2024-5086 MEDIUM
6.4 May 29

The Essential Addons for Elementor PRO - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordP

CVE-2024-5612 MEDIUM
6.4 Jun 07

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_l

CVE-2024-4156 MEDIUM
6.4 May 02

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-3728 MEDIUM
6.4 May 02

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-4003 MEDIUM
6.4 May 02

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress

CVE-2024-3333 MEDIUM
6.4 Apr 17

The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribu

Share

CVE-2024-3733 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy