CVE-2023-4723 in Elementor Addon Elements Plugin
Summary
by MITRE • 11/16/2023
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/11/2026
The Elementor Addon Elements plugin for WordPress presents a critical security vulnerability through its ajax_eae_post_data function, which exposes sensitive information to unauthenticated attackers. This flaw affects all versions up to and including 1.12.7, making it a widespread concern for WordPress users who rely on this popular page builder addon. The vulnerability stems from inadequate access controls within the plugin's ajax endpoint implementation, allowing any user to query and retrieve detailed post information without proper authentication or authorization.
The technical exploitation of this vulnerability occurs through the ajax_eae_post_data function which fails to implement proper user authentication checks before returning post data. When an attacker accesses this endpoint, they can extract comprehensive information including post identifiers, titles, and status information for posts that are normally restricted to authorized users. This includes posts in draft, pending, future, and private statuses that should remain confidential until published or authorized for viewing. The flaw essentially bypasses WordPress's inherent permission system by providing direct access to internal post data structures through an exposed ajax interface.
The operational impact of this vulnerability extends beyond simple information disclosure, as it enables attackers to gather intelligence about content strategies, unpublished work, and potential security weaknesses within a website's content management system. Attackers can identify which pages or posts are under development, determine content creation patterns, and potentially discover sensitive information embedded within draft or private content. This reconnaissance capability significantly increases the risk profile for websites using vulnerable versions of the plugin, as it provides attackers with detailed insights into content management practices and potential targets for further exploitation.
Security professionals should consider this vulnerability as a medium to high severity issue when assessing WordPress environments, particularly those utilizing Elementor Addon Elements plugin. The flaw aligns with CWE-200 (Information Exposure) and represents a clear violation of the principle of least privilege in web application security. According to ATT&CK framework, this vulnerability maps to T1213 (Data from Information Repositories) and T1566 (Phishing) as attackers can use the exposed information to craft more convincing social engineering campaigns. Organizations should immediately update to patched versions of the plugin, implement network-level restrictions on ajax endpoints, and conduct thorough security audits of all installed WordPress plugins to identify similar exposure vulnerabilities.
The remediation approach requires immediate patching of the Elementor Addon Elements plugin to version 1.12.8 or later, which contains the necessary access control fixes. System administrators should also implement proper monitoring of ajax endpoint access patterns to detect anomalous queries that might indicate exploitation attempts. Additionally, implementing rate limiting and IP-based access controls for ajax endpoints can provide additional defense-in-depth measures. Security teams should also review their incident response procedures to ensure proper handling of information disclosure events and consider conducting penetration testing to verify that similar vulnerabilities do not exist in other plugins or custom implementations within their WordPress environments.