5.3

CVE-2024-0910

EPSS 0.4%
Veröffentlicht 06.06.2024 02:15:53
Zuletzt bearbeitet 21.11.2024 08:47:41
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Restrict for Elementor <= 1.0.7 - Protection Mechanism Bypass

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract potentially sensitive data from post content.

Mögliche Gegenmaßnahme

Restrict for Elementor: Update to version 1.0.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Restrict for Elementor

Version *-1.0.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Restrict ≫ Restrict For Elementor SwPlatformwordpress Version < 1.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.597

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wordpress.org/plugins/restrict-for-elementor/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/14993c04-7fe3-4c42-a605-2e431df14d79

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0910

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0910

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0910

EUVD