Executive Summary

The WordPress Elementor Addon Elements Plugin versions up to and including 1.14.4 have a vulnerability known as CVE-2026-28131, which is a Sensitive Data Exposure issue.

This vulnerability allows a malicious actor with Contributor or Developer privileges to access sensitive information that is normally restricted from regular users.

The vulnerability is categorized under the OWASP Top 10 category A3: Sensitive Data Exposure.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability could allow an attacker with certain privileges to retrieve sensitive information that should not be accessible to them.

Although the exposure of this data could potentially be leveraged to exploit other system weaknesses, the overall severity is rated as low with a CVSS score of 6.5.

The risk of exploitation is considered unlikely, but users should monitor for updates and consider mitigation strategies.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

I don't know

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability affects versions of the WordPress Elementor Addon Elements Plugin up to and including 1.14.4.

Since no official patch has been released as of the latest update, users are advised to monitor for updates from the plugin maintainers.

Consider limiting Contributor or Developer privileges to trusted users only, as the vulnerability allows actors with these roles to access sensitive information.

Implement general security best practices such as restricting access to sensitive data and monitoring user activities to reduce risk.

Useful 0 Not Useful 0