4.3
CVE-2024-8516
- EPSS 0.43%
- Veröffentlicht 25.09.2024 04:15:05
- Zuletzt bearbeitet 08.04.2026 18:22:40
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginThemesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure
Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.
Mögliche Gegenmaßnahme
Themesflat Addons For Elementor: Update to version 2.2.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themesflat ≫ Themesflat Addons For Elementor SwPlatformwordpress Version <= 2.2.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Themesflat Addons For Elementor
Version
*-2.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.343 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-posts.php#L3327
https://www.wordfence.com/threat-intel/vulnerabilities/id/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=cve
https://plugins.trac.wordpress.org/changeset/3158485/themesflat-addons-for-elementor/trunk/widgets/widget-posts.php?contextall=1
https://www.wordfence.com/threat-intel/vulnerabilities/id/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd