Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
Published: 2025-04-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sensible system information is exposed through the WPDeveloper Essential Addons for Elementor Lite plugin. The flaw allows an unauthenticated or minimally privileged user to retrieve embedded sensitive data that the plugin should protect, violating confidentiality principles. The weakness is classified as CWE‑497, indicating a failure to properly secure or remove sensitive data from memory or output streams.

Affected Systems

All installations of the WPDeveloper Essential Addons for Elementor Lite plugin, version 6.1.9 or earlier, are vulnerable. The issue applies to the Lite edition as identified by the CPE and vendor listing.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate threat level, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Because the vulnerability is not listed in the CISA KEV catalog, it has not yet been observed in widespread targeted attacks. However, the likely attack vector is local or low‑privilege where an attacker can access the WordPress site or its configuration files; the description does not specify a remote code execution path, so a remote exploit is inferred to be unlikely based on the provided information.

Generated by OpenCVE AI on April 30, 2026 at 22:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Essential Addons for Elementor Lite plugin to version 6.2.0 or later to remove the exposure of sensitive data.
  • If immediate update is not possible, disable the plugin on critical sites until a patched version is released.
  • Implement file‑system permissions that restrict access to plugin configuration directories and sensitive files to prevent accidental disclosure.

Generated by OpenCVE AI on April 30, 2026 at 22:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-11293 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Retrieve Embedded Sensitive Data.This issue affects Essential Addons for Elementor: from n/a through <= 6.1.9.
Title WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability WordPress Essential Addons for Elementor plugin <= 6.1.9 - Sensitive Data Exposure Vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 28 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:lite:wordpress:*:*

Wed, 16 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 12:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.
Title WordPress Essential Addons for Elementor <= 6.1.9 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wpdeveloper Essential Addons For Elementor
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:35.200Z

Reserved: 2025-04-16T06:26:52.002Z

Link: CVE-2025-39589

cve-icon Vulnrichment

Updated: 2025-04-16T14:11:26.745Z

cve-icon NVD

Status : Modified

Published: 2025-04-16T13:15:51.540

Modified: 2026-04-23T15:29:50.743

Link: CVE-2025-39589

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T23:00:04Z

Weaknesses