NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-7665

概要	The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
公表日	2026年6月6日13:17
登録日	2026年6月7日4:12
最終更新日	2026年6月6日13:17

CVSS3.1 : MEDIUM
スコア	5.3
ベクター	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし

関連情報、対策とツール

No	URL	refsource	タグ
1	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L106	security@wordfence.com
2	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L1601	security@wordfence.com
3	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L197	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.5.13/includes/Traits/Ajax_Handler.php#L292	security@wordfence.com
5	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L106	security@wordfence.com
6	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L1601	security@wordfence.com
7	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L197	security@wordfence.com
8	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/6.6.3/includes/Traits/Ajax_Handler.php#L292	security@wordfence.com
9	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L106	security@wordfence.com
10	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L1601	security@wordfence.com
11	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L197	security@wordfence.com
12	https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Traits/Ajax_Handler.php#L292	security@wordfence.com
13	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3541534%40essential-addons-for-elementor-lite&new=3541534%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=	security@wordfence.com
14	https://www.wordfence.com/threat-intel/vulnerabilities/id/861ece65-bee7-4124-b1a8-de9fb0c1cbc7?source=cve	security@wordfence.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html