CVE-2024-7417

Published: Oct 17, 2024Modified: Jan 10, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.

Affected (1)

Products: Royal Elementor Addons: Royal Elementor Addons

Royal Elementor Addons

1 product

Royal Elementor Addons

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Royal Elementor Addons Royal Elementor Addons	Up to 1.3.986

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.985/classes/modules/wpr-ajax-search.php#L21

Source: security@wordfence.com

Product

https://plugins.trac.wordpress.org/changeset/3162784/royal-elementor-addons/tags/1.3.987/classes/modules/wpr-ajax-search.php?old=3141814&old_path=royal-elementor-addons%2Ftags%2F1.3.985%2Fclasses%2Fmodules%2Fwpr-ajax-search.php

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.