Medium severity5.3OSV Advisory· Published Jan 16, 2026· Updated Apr 15, 2026
CVE-2026-1004
CVE-2026-1004
Description
The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
32.2.0, 4.9.4, v4.9.1, …+ 1 more
- (no CPE)range: 2.2.0, 4.9.4, v4.9.1, …
- (no CPE)range: <=6.5.5
Patches
Vulnerability mechanics
References
7- github.com/WPDevelopers/essential-addons-for-elementor-lite/commit/4e43db06bcf12870cc3b185ed59b3fe2cd227945nvd
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.phpnvd
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.phpnvd
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.phpnvd
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.phpnvd
- plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.phpnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/06ef9a21-e2b9-40c7-9de5-cff175fa10a5nvd
News mentions
0No linked articles in our index yet.