What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
Explanation of Vulnerability in Simple Terms
02Summary
Essential Addons for Elementor versions up to 6.1.9 expose sensitive information to authenticated users. A logged-in user with low privileges can read data they should not have access to. The vulnerability requires an active user account but no special interaction. Update to a version newer than 6.1.9 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
04Site Impact
Authenticated users can access confidential data beyond their permission level.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low privileges on the site.
Key dates
06Disclosure timeline
April 16, 2025
CVE published
April 28, 2026
Record updated