EUVD-2026-16116
GHSA-6963-573w-vxvf
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3Description
The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error in the is_allowed_to_read_template() function permission check that treats non-published templates as readable without verifying edit capabilities. This makes it possible for authenticated attackers, with contributor-level access and above, to read private or draft Elementor template content via the 'template_id' supplied to the 'get_template_data' action of the 'elementor_ajax' endpoint.
Analysis
The Elementor Website Builder plugin for WordPress contains an authorization bypass vulnerability in the is_allowed_to_read_template() function that incorrectly permits authenticated users with contributor-level privileges to read private and draft template content. Attackers can exploit this through the 'get_template_data' action of the 'elementor_ajax' endpoint by supplying a 'template_id' parameter, resulting in exposure of sensitive template information. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running for WordPress is vulnerable to Incorrect Authorization to Se and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today