The Essential Addons for Elementor – Best Elementor Addon...
Moderate severity
Unreviewed
Published
Nov 15, 2024
to the GitHub Advisory Database
•
Updated Nov 15, 2024
Description
Published by the National Vulnerability Database
Nov 15, 2024
Published to the GitHub Advisory Database
Nov 15, 2024
Last updated
Nov 15, 2024
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.
References