{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T22:28:11.370","vulnerabilities":[{"cve":{"id":"CVE-2025-13997","sourceIdentifier":"security@wordfence.com","published":"2026-03-23T07:16:05.003","lastModified":"2026-03-23T14:31:37.267","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via render_full_form function. This makes it possible for unauthenticated attackers to extract site's Mailchimp, Facebook and Google API keys and secrets.\r\nThis vulnerability requires the Premium license to be installed"},{"lang":"es","value":"Los King Addons para Elementor – más de 4.000 secciones de Elementor listas, más de 650 plantillas, más de 70 widgets GRATUITOS para el plugin Elementor para WordPress es vulnerable a la divulgación de claves API no autenticadas en todas las versiones hasta la 51.1.49, inclusive, debido a que el plugin añade las claves API al código fuente HTML a través de la función render_full_form. Esto hace posible que atacantes no autenticados extraigan las claves y secretos API de Mailchimp, Facebook y Google del sitio. Esta vulnerabilidad requiere que la licencia Premium esté instalada."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/king-addons/tags/51.1.38/includes/widgets/Login_Register_Form/Login_Register_Form.php#L3065","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/7955b162-ed0f-4455-a429-ed292771c701?source=cve","source":"security@wordfence.com"}]}}]}