CVE-2023-3779 MEDIUM

CVE-2023-3779: Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure

Vendor Wpdevteam

Product Essential Addons for Elementor – Popular Elementor Templates & Widgets

Weakness CWE-200 · Info exposure

Published July 20, 2023

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.

Key dates

02Disclosure timeline

July 20, 2023 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3779

Related vulnerabilities

Identifiers

CVE CVE-2023-3779

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions