Unrated severityNVD Advisory· Published Nov 20, 2024· Updated Apr 8, 2026

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

CVE-2024-10365

Description

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Affected products

Posimyth/The Plus Addons For Elementorllm-fuzzy
Range: <=6.0.3
posimyththemes/The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommercev5
Range: 0
WordPress/The Plus Addons For Elementorwp-canonicalize

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000