CVE-2023-6582

EPSS 0.52%
Veröffentlicht 11.01.2024 09:15:49
Zuletzt bearbeitet 08.04.2026 19:18:57
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.

Mögliche Gegenmaßnahme

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor: Update to version 3.0.4, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpmet ≫ Elements Kit Elementor Addons SwPlatformwordpress Version < 3.0.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

Version *-3.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.4

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/modules/controls/widget-area-utils.php#L15

Patch

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.3/widgets/init/enqueue-scripts.php#L44

Patch

https://plugins.trac.wordpress.org/changeset/3011323/elementskit-lite/trunk/modules/controls/widget-area-utils.php

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6582

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6582

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6582

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-6582