Lucene search

WpvulndbWPVDB-ID:55DFEA02-97C0-4C73-86FA-E206D39EB592

HistoryJun 13, 2024 - 12:00 a.m.

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Information Exposure

2024-06-1300:00:00

wpscan.com

wordpress

elementor

vulnerability

authenticated

contributor+.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

JSON

Description The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.109 due to missing restrictions on the getPostDataByObj() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to view password protected posts.

References

www.wordfence.com/threat-intel/vulnerabilities/id/af37b5ab-e7ff-4a2a-98c3-decdf238a13f

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

Low

JSON

Related for WPVDB-ID:55DFEA02-97C0-4C73-86FA-E206D39EB592