4.3
CVE-2024-8516
- EPSS 0.3%
- Veröffentlicht 25.09.2024 04:15:05
- Zuletzt bearbeitet 02.10.2024 19:22:44
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginThemesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Information Exposure
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.
Mögliche Gegenmaßnahme
Themesflat Addons For Elementor: Update to version 2.2.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Themesflat Addons For Elementor
Version
*-2.2.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themesflat ≫ Themesflat Addons For Elementor SwPlatformwordpress Version <= 2.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.