2 matches found
CVE-2021-24948
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...
CVE-2021-24948
The CVE affects The Plus Addons for Elementor Pro (WordPress) up to version 5.0.6. The tp_get_dl_post_info_ajax action does not validate the qvquery parameter, allowing unauthenticated users to retrieve sensitive data such as private and draft posts. Public CVSS metrics indicate high impact (CVSS...