DethemeKit For Elementor, Information Exposure Vulnerability CVE-2025-0661 (Medium Severity)

2025-02-24

The DethemeKit For Elementor plugin for WordPress is vulnerable to information exposure in all versions up to and including 2.36. The vulnerability arises from the duplicate_post() function, which lacks sufficient restrictions on which posts can be duplicated. This allows authenticated attackers with Contributor-level access or higher to extract data from password-protected, private, draft, or scheduled posts by duplicating them. This unauthorized access could lead to the exposure of sensitive information.

The vulnerability has been assigned a CVSS 3.x score, reflecting its medium severity. The NVD published the vulnerability on 02/13/2025, with the last modification on 02/24/2025. The issue was reported by Wordfence, and users are advised to update the plugin to a patched version as soon as it becomes available.
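The missing restriction described above is an object-level authorization check on the post being copied. The following is an added example, not the plugin's code or its patch, of a duplication handler with that check in place; the action name, nonce action and function name are hypothetical, and only core WordPress functions are used.

```php
<?php
// Added example: hypothetical hardened duplication handler (not DethemeKit's code).
// 'example_duplicate_post' and the nonce action 'example_duplicate_<id>' are assumptions.
add_action( 'admin_action_example_duplicate_post', 'example_duplicate_post' );

function example_duplicate_post() {
    $post_id = isset( $_GET['post'] ) ? absint( $_GET['post'] ) : 0;

    // CSRF: the link that triggers duplication must carry a nonce bound to this post ID.
    check_admin_referer( 'example_duplicate_' . $post_id );

    $source = $post_id ? get_post( $post_id ) : null;
    if ( ! $source ) {
        wp_die( 'Post not found.', '', array( 'response' => 404 ) );
    }

    // Object-level check. 'edit_post' is a meta capability: WordPress resolves it
    // against this post's author, status and post type, so a Contributor is refused
    // for other users' password-protected, private, draft or scheduled posts.
    // Checking only a generic capability such as 'edit_posts' would not do this.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'You are not allowed to duplicate this post.', '', array( 'response' => 403 ) );
    }

    // Build the copy explicitly instead of cloning every field of the source.
    $new_id = wp_insert_post(
        wp_slash(
            array(
                'post_type'     => $source->post_type,
                'post_title'    => $source->post_title . ' (copy)',
                'post_content'  => $source->post_content,
                'post_excerpt'  => $source->post_excerpt,
                'post_status'   => 'draft',                 // never inherit publish/private/future
                'post_author'   => get_current_user_id(),   // the copy belongs to the caller
                'post_password' => $source->post_password,  // keep password protection on the copy
            )
        ),
        true // return WP_Error on failure instead of 0
    );

    if ( is_wp_error( $new_id ) ) {
        wp_die( esc_html( $new_id->get_error_message() ) );
    }

    wp_safe_redirect( admin_url( 'post.php?action=edit&post=' . $new_id ) );
    exit;
}
```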

Form:

Platform: WordPress
Version: 2.36
Vulnerability: Information Exposure
Severity: Medium
Date: 02/13/2025

What Undercode Say:

1. DethemeKit For Elementor plugin has a vulnerability in all versions up to 2.36.
2. The duplicate_post() function is the source of the issue.
3. Insufficient restrictions allow unauthorized post duplication.
4. Authenticated attackers with Contributor-level access can exploit this.
5. Sensitive posts like password-protected, private, draft, or scheduled are at risk.
6. The vulnerability is classified as medium severity.
7. CVSS 3.x scoring reflects the risk level.
8. NVD published the vulnerability on 02/13/2025.
9. Last modification by NVD was on 02/24/2025.
10. Wordfence reported the vulnerability.
11. No inferences should be drawn from external links provided by NIST.
12. NIST does not endorse commercial products mentioned on external sites.
13. Users should update the plugin to a patched version.
14. The vulnerability allows data extraction from restricted posts.
15. Contributor-level access is sufficient for exploitation.
16. The issue highlights the importance of access control in plugins.

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-0661
Undercode AI: https://ai.undercodetesting.com
