4.3

CVE-2024-12062

Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure

Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure

The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
Mögliche Gegenmaßnahme
Charity Addon for Elementor: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NicheaddonsCharity Addon For Elementor SwPlatformwordpress Version < 1.3.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Charity Addon for Elementor
Version *-1.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.209
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://plugins.trac.wordpress.org/browser/charity-addon-for-elementor/trunk/elementor/lib/lib.php#L12
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769
Third Party Advisory