4.3
CVE-2024-8801
- EPSS 0.4%
- Veröffentlicht 25.09.2024 01:15:47
- Zuletzt bearbeitet 30.09.2024 14:23:46
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginHappy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates.
Mögliche Gegenmaßnahme
Happy Addons for Elementor: Update to version 3.12.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wedevs ≫ Happy Addons For Elementor SwPlatformwordpress Version < 3.12.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Happy Addons for Elementor
Version
*-3.12.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.319 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/content-switcher/widget.php
https://plugins.trac.wordpress.org/changeset/3154460/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/9f1078b8-f458-46a6-9982-e8d2d1d1b73b