What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Page Manager for Elementor: from n/a through <= 2.0.5.
Explanation of Vulnerability in Simple Terms
02Summary
Page Manager for Elementor versions up to 2.0.5 expose sensitive information to authenticated users. A logged-in attacker with low privileges can read data they should not have access to. The vulnerability requires a valid user account but no additional user interaction. Update to a version newer than 2.0.5.
What an attacker can do
03Attacker Capabilities
Read sensitive information accessible only to higher-privileged users.
Potential impact on your site
04Site Impact
Authenticated users can access confidential data beyond their permission level.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the site.
Key dates
06Disclosure timeline
September 26, 2025
CVE published
April 28, 2026
Record updated