Unrated severityNVD Advisory· Published Feb 13, 2025· Updated Apr 8, 2026

DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure

CVE-2025-0661

Description

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, draft, or scheduled posts that they should not have access to by duplicating the post.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Detheme/Dethemekit For Elementorllm-fuzzy2 versions
<=2.36+ 1 more
- (no CPE)range: <=2.36
- (no CPE)range: 0
WordPress/Dethemekit For Elementorwp-canonicalize
Package: https://wordpress.org/plugins/dethemekit-for-elementor

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000

DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions