CVE-2024-10775 Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

WordPress plugin Piotnet Addons For Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1605 · WordPress · Piotnet Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Piotnet Addons For Elementor plugin for WordPress versions up to, and including, 2.4.32 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by...

CVE-2024-12116

The CVE-2024-12116 vulnerability in Unlimited Theme Addon For Elementor and WooCommerce (WordPress) allows Information Exposure via the uta-template shortcode in all versions up to 1.2.1. Exploitation requires Contributor-level authentication. A fix exists in version 1.2.2 (and later) per Wordfen...

CVE-2024-12472

The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access...

PT-2025-1713 · WordPress · Rraddons For Elementor

Name of the Vulnerable Software and Affected Versions: RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts due to insufficient restrictions o...

PT-2025-1861 · WordPress · Post Duplicator

Name of the Vulnerable Software and Affected Versions: Post Duplicator plugin for WordPress version 2.36 and earlier Description: The issue is related to Information Exposure due to insufficient restrictions on which posts can be duplicated, making it possible for authenticated attackers with...

PT-2025-1753 · WordPress · The Unlimited Theme Addon For Elementor/Woocommerce

Name of the Vulnerable Software and Affected Versions: The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor

Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...

PT-2024-17440 · WordPress · Content No Cache

Name of the Vulnerable Software and Affected Versions: Content No Cache: prevent specific content from being cached plugin for WordPress versions up to, and including, 0.1.2 Description: The issue allows unauthenticated attackers to extract data from password protected, private, or draft posts du...

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

PT-2024-17655 · WordPress · Button Block

Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and...

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

CVE-2024-10690

The CVE-2024-10690 entry corresponds to the WordPress plugin Shortcodes for Elementor (versions up to 1.0.4). The issue is an Information Exposure flaw in the SHORTCODE_ELEMENTOR endpoint caused by insufficient access restrictions, enabling authenticated attackers with Contributor-level access or...

PT-2024-17596 · WordPress · Get Post Content Shortcode

Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...