4 matches found
CVE-2024-7063
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'renderraw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private,...
CVE-2024-7063
CVE-2024-7063 affects ElementsKit Pro for WordPress, with Sensitive Information Exposure via render_raw in all versions up to 3.6.6. The issue requires authentication (Contributor+), allowing an authenticated user to exfiltrate sensitive data such as private, future, and draft posts. Connected so...
CVE-2024-4404
CVE-2024-4404 : ElementsKit Pro for WordPress is vulnerable to Server-Side Request Forgery, via the render_raw function, in versions up to and including 3.6.2. An authenticated attacker with contributor-level permissions or higher can issue web requests from the application to arbitrary locations...
WordPress ElementsKit Elementor addons plugin <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw vulnerability
Authenticated Contributor+ Local File Inclusion in renderraw vulnerability discovered by wesley wcraft in WordPress Plugin Elements kit Elementor addons versions = 3.0.6...