CVE-2024-1330

Published: Jun 27, 2024Modified: Mar 13, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.

Affected (1)

Products: Kadencewp: Kadence Blocks Pro

Kadencewp

1 product

Kadence Blocks Pro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kadencewp Kadence Blocks Pro	Before 2.3.8

References (2)

https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.