The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Dec 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | |
Title | ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-17T12:43:38.479Z
Updated: 2024-12-17T17:28:56.942Z
Reserved: 2024-10-24T16:03:33.275Z
Link: CVE-2024-10356
Vulnrichment
Updated: 2024-12-17T15:25:03.630Z
NVD
Status : Received
Published: 2024-12-17T13:15:17.520
Modified: 2024-12-17T13:15:17.520
Link: CVE-2024-10356
Redhat
No data.