CVE-2024-13215

EPSS 0.17%
Veröffentlicht 15.01.2025 13:15:09
Zuletzt bearbeitet 23.01.2025 17:35:41
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.

Mögliche Gegenmaßnahme

Addon Elements for Elementor (formerly Elementor Addon Elements): Update to version 1.14, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Addon Elements for Elementor (formerly Elementor Addon Elements)

Version * - 1.13.10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webtechstreet ≫ Elementor Addon Elements SwPlatformwordpress Version < 1.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.39

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1058

Product

https://plugins.trac.wordpress.org/changeset/3221982/

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/4feacb75-0533-4f53-8ce9-3e45ee8336e2?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/4feacb75-0533-4f53-8ce9-3e45ee8336e2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-13215

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13215

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13215

EUVD