CVE-2024-6455

Published: Jul 18, 2024Modified: Jan 16, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.

Affected (1)

Products: Wpmet: Elements Kit Elementor Addons

1 product

Elements Kit Elementor Addons

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpmet Elements Kit Elementor Addons	Before 3.2.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.0/modules/controls/widget-area-utils.php#L15

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.2.0/modules/controls/widget-area-utils.php#L15

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.