The Agent Skills Directory

DATA_EXFILTRATION (LOW): Potential Information Disclosure via $_SERVER exposure.
Evidence: In resources/dynamic-tags.md, the Elementor_Dynamic_Tag_Server_Variable class allows selecting and rendering any key from the $_SERVER superglobal.
Details: While the output is sanitized with wp_kses_post() to prevent XSS, this functionality allows users with access to the Elementor editor to view server-side variables. Depending on the server configuration, these variables might contain sensitive data such as internal file paths, environment variables, or session-related headers.

elementor-themes