
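2 vulnerabilities found for WPZOOM Addons for Elementor – Starter Templates & Widgets by wpzoom (both entries below are the same record, CVE-2026-2295, listed once from the nvd source and once from the cvelistv5 source)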

CVE-2026-2295 (GCVE-0-2026-2295)

Vulnerability from nvd – Published: 2026-02-11 09:27 – Updated: 2026-02-11 15:20
Title
WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more
Summary
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Credits
Craig Smith

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T15:20:23.230467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T15:20:31.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets",
          "vendor": "wpzoom",
          "versions": [
            {
              "lessThanOrEqual": "1.3.2",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Craig Smith"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027ajax_post_grid_load_more\u0027 function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-11T09:27:15.103Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9961347-7c47-4fa1-af35-609c39a6cd8b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wpzoom-elementor-addons/tags/1.3.1/includes/wpzoom-elementor-ajax-posts-grid.php#L66"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3458416/wpzoom-elementor-addons"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-10T20:36:46.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-02-10T21:12:39.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets \u003c= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-2295",
    "datePublished": "2026-02-11T09:27:15.103Z",
    "dateReserved": "2026-02-10T16:22:48.874Z",
    "dateUpdated": "2026-02-11T15:20:31.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2295 (GCVE-0-2026-2295)

Vulnerability from cvelistv5 – Published: 2026-02-11 09:27 – Updated: 2026-02-11 15:20
Title
WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more
Summary
The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Credits
Craig Smith

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T15:20:23.230467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T15:20:31.931Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets",
          "vendor": "wpzoom",
          "versions": [
            {
              "lessThanOrEqual": "1.3.2",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Craig Smith"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027ajax_post_grid_load_more\u0027 function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-11T09:27:15.103Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9961347-7c47-4fa1-af35-609c39a6cd8b?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wpzoom-elementor-addons/tags/1.3.1/includes/wpzoom-elementor-ajax-posts-grid.php#L66"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3458416/wpzoom-elementor-addons"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-10T20:36:46.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-02-10T21:12:39.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WPZOOM Addons for Elementor \u2013 Starter Templates \u0026 Widgets \u003c= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-2295",
    "datePublished": "2026-02-11T09:27:15.103Z",
    "dateReserved": "2026-02-10T16:22:48.874Z",
    "dateUpdated": "2026-02-11T15:20:31.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}