{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0968", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-01T21:47:17.502Z", "datePublished": "2025-02-19T11:10:39.448Z", "dateUpdated": "2026-04-08T16:49:04.756Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:04.756Z"}, "affected": [{"vendor": "roxnor", "product": "ElementsKit Elementor Addons \u2013 Advanced Widgets & Templates Addons for Elementor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items."}], "title": "ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/modules/megamenu/api.php#L47"}, {"url": "https://wordpress.org/plugins/elementskit-lite/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3237243/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "timeline": [{"time": "2025-02-18T22:37:28.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-19T14:36:58.737641Z", "id": "CVE-2025-0968", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T14:37:10.760Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-19T14:36:58.737641Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T14:37:05.777Z"}}], "cna": {"title": "ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_content Function", "credits": [{"lang": "en", "type": "finder", "value": "Matthew Rollings"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "xpeedstudio", "product": "ElementsKit Elementor addons", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.4.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-18T22:37:28.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/modules/megamenu/api.php#L47"}, {"url": "https://wordpress.org/plugins/elementskit-lite/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3237243/"}], "descriptions": [{"lang": "en", "value": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-02-19T11:10:39.448Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0968", "state": "PUBLISHED", "dateUpdated": "2025-02-19T14:37:10.760Z", "dateReserved": "2025-02-01T21:47:17.502Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-19T11:10:39.448Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpmet:elementskit_elementor_addons:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7E2920A4-D3C8-4AD4-823B-2B9EF4ED20C1", "versionEndExcluding": "3.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items."}, {"lang": "es", "value": "El complemento ElementsKit Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 3.4.0 incluida debido a la falta de comprobaciones de capacidad en la funci\u00f3n get_megamenu_content(). Esto permite que atacantes no autenticados vean cualquier elemento creado en Elementor, como publicaciones, p\u00e1ginas y plantillas, incluidos borradores, elementos eliminados y privados."}], "id": "CVE-2025-0968", "lastModified": "2025-02-25T20:21:17.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-02-19T12:15:31.770", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/trunk/modules/megamenu/api.php#L47"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3237243/"}, {"source": "security@wordfence.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/elementskit-lite/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:56:42.778218+00:00", "value": {"mitigation_remediation": ["Upgrade ElementsKit Elementor Addons to version 3.4.1 or later to apply the fix that adds capability checks to get_megamenu_content.", "If an upgrade is not immediately possible, restrict access to the plugin\u2019s REST API endpoint by configuring a rule that allows only authenticated users with the edit_posts capability (or relevant) to call get_megamenu_content.", "As a temporary measure, disable the megamenu feature or set the plugin to maintenance mode to prevent unauthenticated access to megamenu content until a patch is applied."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected vendor is roxnor, developer of ElementsKit Elementor Addons \u2013 Advanced Widgets & Templates Addons for Elementor. All releases up to version 3.4.0 are impacted, regardless of the WordPress installation version. Administrators should verify the installed plugin version; any deployment using 3.4.0 or earlier is vulnerable.", "description_and_impact": "The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.4.0 due to missing capability checks on the get_megamenu_content() function, a weakness classified as CWE-284 (Improper Authorization) and CWE-862 (Missing Authorization). This flaw permits anyone\u2014without authentication\u2014to retrieve the content of any Elementor item, including posts, pages, templates, drafts, trashed, or private items, thereby exposing confidential or unpublished data.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is listed as not included in CISA KEV, further indicating limited known exploitation. Attackers can exploit this via unauthenticated HTTP requests to the get_megamenu_content endpoint, which does not enforce proper authorization checks. An attacker would receive full HTML or JSON structures of Elementor elements, potentially revealing sensitive or unpublished data."}}}}, "created": "2026-04-22T18:00:05.483458+00:00", "updated": "2026-04-22T18:00:05.483473+00:00", "vendors": []}