Vulnerability Description
The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization leading to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error in the permission check of the is_allowed_to_read_template() function, which treats non-published templates as readable without verifying edit capabilities. This makes it possible for authenticated attackers, with contributor-level access and above, to read private or draft Elementor template content via the 'template_id' supplied to the 'get_template_data' action of the 'elementor_ajax' endpoint.
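A minimal model of the authorization flaw described above, added here as an illustration; it is not Elementor's code and is not taken from the referenced changeset. The function names, the role gate and the sample templates are constructed assumptions.

```php
<?php
// Constructed model; function names, roles table and data are hypothetical.
// In WordPress the per-object check is current_user_can('edit_post', $id).

/** Assumed endpoint gate: contributor-level access and above. */
function model_has_edit_posts(array $user): bool {
    return in_array($user['role'],
        ['contributor', 'author', 'editor', 'administrator'], true);
}

/** WordPress defaults: editors/administrators edit any post, others their own. */
function model_can_edit(array $user, array $template): bool {
    return in_array($user['role'], ['editor', 'administrator'], true)
        || $template['author'] === $user['id'];
}

/** Flawed shape: non-published templates are readable with no edit check. */
function model_can_read_flawed(array $user, array $template): bool {
    return model_has_edit_posts($user); // status and owner never consulted
}

/** Corrected shape: non-published content requires edit rights on it. */
function model_can_read_fixed(array $user, array $template): bool {
    if (!model_has_edit_posts($user)) {
        return false;
    }
    // Assumption: published templates stay readable to gated users.
    return $template['status'] === 'publish' || model_can_edit($user, $template);
}

// Constructed sample data: user 1 (an administrator) owns 101-103.
$templates = [
    ['id' => 101, 'status' => 'publish', 'author' => 1],
    ['id' => 102, 'status' => 'draft',   'author' => 1],
    ['id' => 103, 'status' => 'private', 'author' => 1],
    ['id' => 104, 'status' => 'draft',   'author' => 7],
];
$users = [['id' => 7, 'role' => 'contributor'], ['id' => 2, 'role' => 'editor']];

foreach ($users as $u) {
    foreach ($templates as $t) {
        printf("%-11s template %d (%-7s) flawed=%-5s fixed=%s\n",
            $u['role'], $t['id'], $t['status'],
            var_export(model_can_read_flawed($u, $t), true),
            var_export(model_can_read_fixed($u, $t), true));
    }
}
```

Rows where the flawed check allows a read and the corrected check denies it (the contributor against another user's draft or private template) correspond to the exposure the advisory describes.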
CVSS Score
4.3 (MEDIUM)
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3489160/elementor/trunk/includes/te
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a4420935-4952-4460-afc
FAQ
What is CVE-2026-1206?
CVE-2026-1206 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Elementor Website Builder plugin for WordPress is vulnerable to Incorrect Authorization to Sensitive Information Exposure in all versions up to, and including, 3.35.7. This is due to a logic error...
How severe is CVE-2026-1206?
CVE-2026-1206 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1206?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.