5.3

CVE-2024-0910

EPSS 0.46%
Veröffentlicht 06.06.2024 02:15:53
Zuletzt bearbeitet 08.04.2026 17:17:27
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Restrict for Elementor <= 1.0.7 - Protection Mechanism Bypass

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract potentially sensitive data from post content.

Mögliche Gegenmaßnahme

Restrict for Elementor: Update to version 1.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Restrict for Elementor

Version *-1.0.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Restrict ≫ Restrict For Elementor SwPlatformwordpress Version < 1.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.642

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://wordpress.org/plugins/restrict-for-elementor/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve

Third Party Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3104418%40restrict-for-elementor&new=3104418%40restrict-for-elementor

https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0910

EUVD