The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 14 Dec 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. | |
Title | Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-14T05:34:14.548Z
Updated: 2024-12-16T17:48:56.441Z
Reserved: 2024-11-01T15:25:50.364Z
Link: CVE-2024-10690
Vulnrichment
Updated: 2024-12-16T16:50:20.808Z
NVD
Status : Received
Published: 2024-12-14T06:15:19.057
Modified: 2024-12-14T06:15:19.057
Link: CVE-2024-10690
Redhat
No data.