Lucene search

WordfenceCVELIST:CVE-2024-5614

HistoryJul 27, 2024 - 11:13 a.m.

CVE-2024-5614 Piotnet Addons For Elementor <= 2.4.29 - Unauthenticated Sensitive Information Exposure

2024-07-2711:13:36

CWE-200

Wordfence

www.cve.org

wordpress

vulnerability

unauthenticated

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.1%

JSON

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the ‘pafe_posts_list’ function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts.

CNA Affected

[
  {
    "vendor": "piotnetdotcom",
    "product": "Piotnet Addons For Elementor",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.4.29",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/piotnet-addons-for-elementor/trunk/inc/ajax-posts-list.php#L4

plugins.trac.wordpress.org/changeset/3125094/

www.wordfence.com/threat-intel/vulnerabilities/id/2880cde0-a278-4a41-97f7-c54c2b3aceb2?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.1%

JSON

Related for CVELIST:CVE-2024-5614