7.5

CVE-2024-2966

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the  element_pack_ajax_search function. This makes it possible for unauthenticated attackers to extract sensitive data including password protected post details.
Mögliche Gegenmaßnahme
Element Pack – Widgets, Templates & Addons for Elementor: Update to version 5.6.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BdthemesElement Pack SwEditionlite SwPlatformwordpress Version < 5.6.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Element Pack – Widgets, Templates & Addons for Elementor
Version *-5.5.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://plugins.trac.wordpress.org/changeset/3066178/bdthemes-element-pack-lite
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c
Third Party Advisory