The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 05:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table. | |
Title | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read | |
Weaknesses | CWE-639 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-12T05:24:24.715Z
Updated: 2024-12-12T15:45:55.699Z
Reserved: 2024-12-02T20:36:46.562Z
Link: CVE-2024-12059
Vulnrichment
Updated: 2024-12-12T15:21:35.353Z
NVD
Status : Received
Published: 2024-12-12T06:15:23.167
Modified: 2024-12-12T06:15:23.167
Link: CVE-2024-12059
Redhat
No data.