The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | |
Title | Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-18T03:22:07.346Z
Updated: 2024-12-18T16:33:59.336Z
Reserved: 2024-12-02T20:40:21.531Z
Link: CVE-2024-12061
Vulnrichment
Updated: 2024-12-18T16:24:06.157Z
NVD
Status : Received
Published: 2024-12-18T04:15:07.500
Modified: 2024-12-18T04:15:07.500
Link: CVE-2024-12061
Redhat
No data.