The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Dec 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Dec 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. | |
Title | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-04T08:22:46.055Z
Updated: 2024-12-04T14:09:09.344Z
Reserved: 2024-11-04T14:00:58.287Z
Link: CVE-2024-10787
Vulnrichment
Updated: 2024-12-04T14:02:35.858Z
NVD
Status : Received
Published: 2024-12-04T09:15:04.323
Modified: 2024-12-04T09:15:04.323
Link: CVE-2024-10787
Redhat
No data.