Description
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.
Published: 2025-03-26
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Patch
AI Analysis

Impact

The Responsive Addons for Elementor – Free Elementor Addons plugin contains a flaw in the register_user function that allows authenticated attackers with Contributor or higher privileges to read usernames and passwords of users who register through the plugin’s Edit Login | Registration Form widget. When the notified user opens the success registration email, the stored credentials are exposed, compromising the confidentiality of all active users.

Affected Systems

The vulnerability affects the Responsive Addons for Elementor – Free Elementor Addons Plugin provided by Cyberchimps, for all WordPress installations running version 1.6.8 or earlier.

Risk and Exploitability

The CVSS score of 5.7 indicates a moderate impact, but the EPSS score of < 1% suggests that exploitation is unlikely as of now. The plugin is not listed in the CISA KEV catalog. Attacks require that the adversary is already authenticated with Contributor or higher access and that a target user opens the registration success email, which gives the attacker direct read privileges to the secret information.

Generated by OpenCVE AI on April 22, 2026 at 01:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Responsive Addons for Elementor – Free Elementor Addons Plugin to a version later than 1.6.8 to remove the register_user exposure flaw.
  • Disable or remove the Edit Login | Registration Form widget from pages that do not require it, or configure the plugin to suppress email notifications for new registrations.
  • Limit Contributor-level accounts and enforce the principle of least privilege: reduce or remove the capability to manage user registrations from Contributor role.
  • Regularly inspect registration and email logs for unusual activity and verify that no unauthorized user information is being accessed.

Generated by OpenCVE AI on April 22, 2026 at 01:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8132 The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.
History

Sat, 09 Aug 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Cyberchimps
Cyberchimps responsive Addons For Elementor
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:cyberchimps:responsive_addons_for_elementor:*:*:*:*:*:wordpress:*:*
Vendors & Products Cyberchimps
Cyberchimps responsive Addons For Elementor

Wed, 26 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 26 Mar 2025 13:00:00 +0000

Type Values Removed Values Added
Description The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.
Title Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Cyberchimps Responsive Addons For Elementor
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:57:50.973Z

Reserved: 2025-03-11T19:50:46.379Z

Link: CVE-2025-2228

cve-icon Vulnrichment

Updated: 2025-03-26T13:11:30.716Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-26T13:15:36.373

Modified: 2025-08-09T01:46:19.587

Link: CVE-2025-2228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T02:00:05Z

Weaknesses