The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Futuriowp
Futuriowp futurio Extra |
|
CPEs | cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Futuriowp
Futuriowp futurio Extra |
Tue, 12 Nov 2024 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 12 Nov 2024 03:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | |
Title | Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-12T03:24:57.460Z
Updated: 2024-11-12T11:20:22.999Z
Reserved: 2024-11-01T16:25:57.223Z
Link: CVE-2024-10695
Vulnrichment
Updated: 2024-11-12T11:20:09.289Z
NVD
Status : Analyzed
Published: 2024-11-12T04:15:04.610
Modified: 2024-11-14T19:44:16.020
Link: CVE-2024-10695
Redhat
No data.