CVE-2023-4723

2023-11-1523:15:09

[email protected]

web.nvd.nist.gov

wordpress

elementor

plugin

security

vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.6%

JSON

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.

Affected configurations

Nvd

Node

webtechstreetelementor_addon_elementsRange≤1.12.7wordpress

VendorProductVersionCPE
webtechstreetelementor_addon_elements*cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
webtechstreet	elementor_addon_elements	*	cpe:2.3:a:webtechstreet:elementor_addon_elements::::::wordpress::*

References

plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/classes/helper.php#L20

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15

www.wordfence.com/threat-intel/vulnerabilities/id/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=cve