Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.
Published: 2025-12-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Leap13 Premium Addons for Elementor allows an attacker to retrieve embedded sensitive data, which could expose sensitive system information to an unauthorized control sphere. The flaw is classified as a CWE‑497: Improper Handling of Sensitive Information. The exposed data may include configuration details or other sensitive information that could be leveraged to compromise further security controls.

Affected Systems

Leap13 Premium Addons for Elementor, versions from the earliest release up to and including 4.11.53, is affected. The vulnerability applies to all installations of this WordPress plugin that are at or below the specified version.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is less than 1 %, suggesting a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Because the seen issuable data is embedded within the plugin code, the likely attack vector is a local or authenticated user leveraging WordPress administrative access. An attacker with the ability to upload or configure the plugin could trigger the data retrieval mechanism.

Generated by OpenCVE AI on April 29, 2026 at 15:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Premium Addons for Elementor to version 4.11.54 or later, which contains the vendor‑supplied fix.
  • Remove any obsolete copies or backups of older plugin files to eliminate accidental exposure of legacy data.
  • Apply strict file‑system permissions to the plugin directories so that only the web server process can read configuration files, thereby preventing unauthorized local read access.

Generated by OpenCVE AI on April 29, 2026 at 15:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Wed, 31 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*

Mon, 29 Dec 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Leap13
Leap13 premium Addons For Elementor
Wordpress
Wordpress wordpress
Vendors & Products Leap13
Leap13 premium Addons For Elementor
Wordpress
Wordpress wordpress

Wed, 24 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 24 Dec 2025 12:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.
Title WordPress Premium Addons for Elementor plugin <= 4.11.53 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References

Subscriptions

Leap13 Premium Addons For Elementor
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:28.625Z

Reserved: 2025-12-19T10:16:41.920Z

Link: CVE-2025-68494

cve-icon Vulnrichment

Updated: 2025-12-24T19:13:13.672Z

cve-icon NVD

Status : Modified

Published: 2025-12-24T13:16:19.927

Modified: 2026-04-27T19:16:25.363

Link: CVE-2025-68494

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T15:45:14Z

Weaknesses