CVE-2026-1004

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-1004

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1004.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-1004

Published

2026-01-16T09:16:21.407Z

Modified

2026-04-10T05:38:08.965747Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eaelproductquickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted.

References

Affected packages

Git / github.com/wpdevelopers/essential-addons-for-elementor-lite

Affected ranges

Type: GIT
Repo: https://github.com/wpdevelopers/essential-addons-for-elementor-lite
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e43db06bcf12870cc3b185ed59b3fe2cd227945

Affected versions

2.*

2.2.0

4.*

4.9.4

v4.*

v4.9.1

v4.9.2

v4.9.3

v4.9.5

v4.9.6

v5.*

v5.0.0

v5.0.1

v5.0.10

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v5.3.1

v5.3.2

v5.7.3

v5.8.0

v5.8.6

v5.8.7

v5.8.9

v5.9.0

v5.9.1

v5.9.2

v5.9.3

v6.*

v6.0.0

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.15

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.1.0

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.2

v6.1.3

v6.1.4

v6.1.9

v6.2.1

v6.2.2

v6.2.3

v6.2.4

v6.3.0

v6.3.3

v6.5.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1004.json"