← Back

CVE-2024-8494

nvd nist
Published: Jan 30, 2025Modified: Jan 30, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.

Affected (1)

Elementor
1 product
Website Builder
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Website Builder
Before 3.25.11

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: security@wordfence.com
Product
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.