Impact
The vulnerability is a path traversal flaw (CWE‑22) that allows an attacker to read arbitrary files from the server. By supplying a specially crafted file path through the plugin's input interface, malicious actors can bypass the intended directory restriction and obtain sensitive data such as configuration files, user uploads, or other confidential information. This may lead to confidentiality compromise and potential further exploitation if the attacker can read credentials or other secrets. Based on the description, it is inferred that the attacker would supply the crafted path through the plugin's user interface.
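The directory restriction described above only holds if the path is canonicalized before it is compared to the allowed base. The following is an added example, not code from the plugin: the function name, directory names and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the plugin.
// Resolves a user-supplied relative path and returns it only if the
// canonical result is a regular file inside $baseDir; otherwise null.
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    // Reject empty input and embedded NUL bytes outright.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory missing or unreadable
    }

    // realpath() collapses "..", "." and duplicate slashes and follows
    // symlinks; it returns false when the target does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Compare against the base WITH a trailing separator, so a sibling such
    // as ".../templates-private" cannot pass a check for ".../templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo layout in a temporary directory.
$root = sys_get_temp_dir() . '/pt_demo_' . bin2hex(random_bytes(4));
mkdir("$root/templates", 0700, true);
mkdir("$root/templates-private", 0700, true);
file_put_contents("$root/templates/invoice.html", 'ok');
file_put_contents("$root/templates-private/secret.txt", 'secret');
file_put_contents("$root/config.txt", 'secret');

// Constructed inputs: two legitimate names, two that leave the base, one missing file.
$inputs = ['invoice.html', './invoice.html', '../config.txt',
           '../templates-private/secret.txt', 'missing.html'];
foreach ($inputs as $in) {
    $res = resolve_inside_base("$root/templates", $in);
    printf("%-34s => %s\n", $in, $res === null ? 'rejected' : 'allowed');
}
```

A check that only tests whether the joined string starts with the base directory, without calling realpath() and without the trailing separator, would accept both of the out-of-base inputs in this demo.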
Affected Systems
This issue affects the RedefiningTheWeb PDF Generator Addon for Elementor Page Builder plugin, versions from the initial release up to and including 1.7.5. Any WordPress site running this plugin within the stated version range is vulnerable.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity risk. The low EPSS score (<1%) suggests that, as of the latest data, exploitation is unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog, implying no confirmed exploitation yet. Attackers would likely exploit the flaw via the plugin's frontend or admin interface by submitting a crafted path; shared hosting users or automated bots could attempt the read without user interaction. If successful, the attacker attains read‑only access to files within the server’s filesystem.