CVE-2023-6582
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.
We have discovered 35,468 live websites that are affected by CVE-2023-6582.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 35,468 live websites (18.57% of ElementsKit install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 107 versions ( 75.89% of all versions) |
Details
- Published - Jan 11, 2024
- Updated - Aug 2, 2024
Credits
- Nex Team (finder)
CVE References
CVE-2023-6582 usage by Country
 United States | 10,425 websites |
 Germany | 4,287 websites |
 France | 2,110 websites |
 Cyprus | 1,619 websites |
 Brazil | 1,599 websites |
 GB | 1,305 websites |
 Russia | 1,151 websites |
 Poland | 1,066 websites |
 India | 772 websites |
 Spain | 720 websites |
CVE-2023-6582 usage by TLD
| .com | 14,722 websites |
| .com.br | 2,214 websites |
| .org | 1,327 websites |
| .de | 1,183 websites |
| .ru | 933 websites |
| .pl | 859 websites |
| .net | 757 websites |
| .fr | 666 websites |
| .co.uk | 654 websites |
| .com.au | 581 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6582
Top websites that are affected by CVE-2023-6582. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ************.com | Cyprus | **,*** | |
| *******.nl |  Netherlands | **,*** | |
| **************.com | United States | **,*** | |
| ********.**.il |  Israel | **,*** | |
| ********.**.il | Israel | **,*** | |
| *************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| ******.com | United States | **,*** |
FAQ
A total of 35,468 websites have been identified as vulnerable to CVE-2023-6582, discovered through global website indexing conducted by WebTechSurvey.
ElementsKit is susceptible to CVE-2023-6582 vulnerability.
ElementsKit versions before, and including, 3.0.3 are vulnerable to CVE-2023-6582.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve
- https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/modules/controls/widget-area-utils.php#L15
- https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/widgets/init/enqueue-scripts.php#L44
- https://plugins.trac.wordpress.org/changeset/3011323/elementskit-lite/trunk/modules/controls/widget-area-utils.php