WPZOOM Addons for Elementor – Starter Templates & Widgets

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users.

Basic Information

ID CVE-2026-2295

Source Wordfence

Published Feb 11, 2026 at 09:27

Affected Product

Vendor wpzoom

Product WPZOOM Addons for Elementor – Starter Templates & Widgets

Version *

Affected Versions wpzoom WPZOOM Addons for Elementor – Starter Templates & Widgets *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users.",
    "published": "2026-02-11T09:27:15.103Z",
    "modified": "2026-02-11T09:27:15.103Z",
    "type": "cve",
    "title": "WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b9961347-7c47-4fa1-af35-609c39a6cd8b?source=cve\nhttps://plugins.trac.wordpress.org/browser/wpzoom-elementor-addons/tags/1.3.1/includes/wpzoom-elementor-ajax-posts-grid.php#L66\nhttps://plugins.trac.wordpress.org/changeset/3458416/wpzoom-elementor-addons",
    "id": "CVE-2026-2295",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "wpzoom WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets",
    "version": "*",
    "vendor": "wpzoom",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WPZOOM Addons for Elementor – Starter Templates & Widgets <= 1.3.2 - Unauthenticated Protected Post Exposure via ajax_post_grid_load_more_CVE-2026-2295