5.7
CVE-2024-8978
- EPSS 0.27%
- Veröffentlicht 15.11.2024 10:15:04
- Zuletzt bearbeitet 19.11.2024 17:04:38
- Quelle security@wordfence.com
- Teams Watchlist Login
- Unerledigt Login
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpdeveloper ≫ Essential Addons For Elementor SwEditionlite SwPlatformwordpress Version < 6.0.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.27% | 0.499 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
security@wordfence.com | 5.7 | 2.1 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.