CVE-2026-7665
MediumCVSS 5.3Summary
The Essential Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.6.4 due to insufficient restrictions in the ajax_load_more function. This allows unauthenticated attackers to extract data from password protected, private, or draft posts.
Risk Assessment
The organization may be exposed to the leakage of sensitive information, which could lead to breaches of user privacy and loss of trust in the system.
Recommendation
It is recommended to update the plugin to the latest version and implement additional security measures to restrict access to sensitive data.
Original NVD description (English source)
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

