The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.
History

Thu, 12 Dec 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 12 Dec 2024 05:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table. |
| Title | | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read |
| Weaknesses | | CWE-639 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-12T05:24:24.715Z

Updated: 2024-12-12T15:45:55.699Z

Reserved: 2024-12-02T20:36:46.562Z

Link: CVE-2024-12059

Vulnrichment

Updated: 2024-12-12T15:21:35.353Z

NVD

Status: Received

Published: 2024-12-12T06:15:23.167

Modified: 2024-12-12T06:15:23.167

Link: CVE-2024-12059

Redhat

No data.