CVE-2025-14155
published 2025-12-23


Priority: P179 (medium)
CVSS 3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploit status: exploited in the wild; public exploit available; listed in VulnCheck KEV
EPSS: 0.71% (49.1st percentile)
The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates.

Affected (5 ranges)

Vendor | Product | Version range | Fixed in
leap13 | premium_addons_for_elementor | < 4.11.54 | 4.11.54
leap13 | premium_addons_for_elementor_powerful_elementor_templates_widgets | <= 4.11.53 | (not listed)
msrc | cbl_mariner_1.0_arm | (not listed) | (not listed)
msrc | cbl_mariner_1.0_x64 | (not listed) | (not listed)
msrc | cm1_pcre_8.44-1_on_cbl_mariner_1.0 | (not listed) | (not listed)

Note: the three msrc rows carry no version range and name CBL-Mariner packages, not the WordPress plugin; treat them as aggregator noise unless the MSRC source confirms the association.

Detection & IOCs (extracted from sources)

url: /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID={{template_id}}&is_id=true
path: /wp-content/plugins/premium-addons-for-elementor/
  • Detect unauthenticated GET requests to admin-ajax.php with action=get_elementor_template_content and is_id=true. This is the core exploit pattern for this CVE; note that admin-ajax.php also accepts the same parameters in a POST body, which a query-string-only rule will miss.
  • Successful exploitation returns HTTP 200 with Content-Type application/json and a body containing both '"success":true' and '"template_content"'. Use these as confirmation matchers where response bodies are visible (WAF, reverse proxy, Nuclei); plain access logs only show the status code and size.
  • The vulnerable AJAX handler is get_template_content(), registered under the AJAX action get_elementor_template_content. Monitor WordPress AJAX logs for calls to this action from sessions with no logged-in user.
  • The Nuclei template sends the X-Requested-With: XMLHttpRequest header, but admin-ajax.php does not require it and a hand-crafted request works without it. Use the header as a correlation signal, not as a required condition of the rule.
  • The Nuclei template picks a randomized templateID (rand_int 1-100); real attackers may enumerate a much wider range of IDs to maximize disclosure. Do not limit detection to that range; instead flag a single source iterating over many template IDs.
  • All versions up to and including 4.11.53 are vulnerable; the fix ships in 4.11.54. Ensure version-based detection and blocking covers the full affected range.
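The detection points above can be turned into a rule that runs over ordinary web-server access logs. The following is an added example written for this page, not code from the plugin, its vendor, or the Nuclei template: it parses combined-format log lines, matches the admin-ajax.php action and is_id=true pattern regardless of parameter case or the presence of X-Requested-With, and flags any source that walks through several distinct templateID values. The log lines, IP addresses, threshold and field names are constructed for illustration; access logs do not carry the session cookie, so the rule cannot tell an authenticated editor from an anonymous client and should be correlated with WordPress auth logs separately.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format (constructed regex, standard fields).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "get_elementor_template_content"  # action named in the advisory

# Constructed sample log: one client enumerating template IDs, one single
# request with a wp-admin referer, and unrelated traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [23/Dec/2025:10:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=17&is_id=true HTTP/1.1" 200 4812 "-" "Mozilla/5.0"
203.0.113.10 - - [23/Dec/2025:10:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=18&is_id=true HTTP/1.1" 200 57 "-" "Mozilla/5.0"
203.0.113.10 - - [23/Dec/2025:10:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=19&is_id=true HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2025:10:16:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "https://example.org/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [23/Dec/2025:10:17:05 +0000] "GET /wp-admin/admin-ajax.php?action=get_elementor_template_content&templateID=4&is_id=TRUE HTTP/1.1" 200 3300 "https://example.org/wp-admin/post.php" "Mozilla/5.0"
192.0.2.9 - - [23/Dec/2025:10:18:11 +0000] "GET /index.php?p=4 HTTP/1.1" 200 9001 "-" "curl/8.4.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)  # values are lists
    rec["status"] = int(rec["status"])
    return rec


def is_template_disclosure_request(rec):
    """True when the request matches the CVE-2025-14155 exploit pattern:
    admin-ajax.php with action=get_elementor_template_content and is_id=true.
    X-Requested-With is deliberately not required (attackers can omit it)."""
    if rec is None or not rec["path"].endswith(AJAX_PATH):
        return False
    q = rec["query"]
    if q.get("action", [""])[0] != TARGET_ACTION:
        return False
    return q.get("is_id", [""])[0].lower() == "true"


def analyze(lines, enumeration_threshold=3):
    """Return (hits, enumerators): every matching request, and the sources that
    requested at least `enumeration_threshold` distinct template IDs."""
    hits = []
    ids_by_ip = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if not is_template_disclosure_request(rec):
            continue
        template_id = rec["query"].get("templateID", ["?"])[0]
        ids_by_ip[rec["ip"]].add(template_id)
        hits.append({
            "ip": rec["ip"],
            "time": rec["ts"],
            "template_id": template_id,
            "status": rec["status"],
            # A wp-admin referer hints at a logged-in editor; absence hints at a scanner.
            "referer": rec["referer"],
        })
    enumerators = {
        ip: sorted(ids) for ip, ids in ids_by_ip.items()
        if len(ids) >= enumeration_threshold
    }
    return hits, enumerators


if __name__ == "__main__":
    found, enum = analyze(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h['time']} {h['ip']} templateID={h['template_id']} "
              f"status={h['status']} referer={h['referer']}")
    for ip, ids in enum.items():
        print(f"ENUMERATION from {ip}: template IDs {ids}")
```

The status code alone does not confirm disclosure: WordPress returns 200 for a failed AJAX call too, so a 57-byte response is more likely an error envelope than a template. Where response bodies are available, pair this rule with the '"success":true' and '"template_content"' matchers listed above.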

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck | (not given) | 5.3 | MEDIUM | (not given)
vendor_msrc | (not given) | 5.3 | MEDIUM | (not given)