CVE-2024-13855

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2024-13855

CVE-2024-13855 affects Prime Addons for Elementor (WordPress) via Insecure Direct Object Reference in pae_global_block. From Wordfence data: all versions up to 2.0.1 are vulnerable; exploitation requires authenticated access at Contributor level or higher to extract information from non-public po...

WordPress plugin Prime Addons for Elementor 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An Access Control...

WordPress Prime Addons for Elementor plugin <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode vulnerability

Authenticated Contributor+ Insecure Direct Object Reference via paeglobalblock Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Prime Addons for Elementor versions = 2.0.1...