Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2024-10321

The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Published: Mar 8, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-10321
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
themesgrove / all-in-one_addons_for_elementor	-	2.5.4.x

https://plugins.trac.wordpress.org/browser/widgetkit-for-elementor/trunk/elements/advanced-tab/template/view.php#L68
https://www.wordfence.com/threat-intel/vulnerabilities/id/2e470017-c453-435d-8342-66874a794537?source=cve

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo