VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Apr 8, 2026

Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

CVE-2024-13215

Description

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Elementor Addon Elements plugin for WordPress up to 1.13.10 exposes sensitive template data via the modal popup widget's render function to authenticated attackers with Contributor-level access.

Vulnerability

The Elementor Addon Elements plugin for WordPress versions up to and including 1.13.10 contains a sensitive information exposure vulnerability in the render function of the modal popup widget located in modules/modal-popup/widgets/modal-popup.php. This allows authenticated attackers with at least Contributor-level access to extract private, pending, scheduled, and draft template data that should be restricted.

Exploitation

An attacker with a Contributor-level account or higher can exploit this by crafting a request that triggers the vulnerable render function without proper authorization checks. No user interaction is required beyond the attacker's own authentication.

Impact

Successful exploitation results in unauthorized disclosure of sensitive template data, including private, pending, scheduled, and draft templates. This could leak unpublished content or drafts, leading to information disclosure and potential business or privacy impacts.

Mitigation

The vulnerability has been fixed in version 1.14.5 of the plugin, as indicated on the WordPress plugin repository [1]. Users are strongly advised to update to the latest version immediately. No workarounds are mentioned in the available references.

References
  1. Addon Elements for Elementor (formerly Elementor Addon Elements)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

1
r3221982
https://plugins.svn.wordpress.orgvia osv
commit

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.