Nilambar

nilambar

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Prime Addons For Elementor

prime_addons_for_elementor

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13855 1Nilambar 1Prime Addons For Elementor Apr 8, 2026 Feb 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user con...Show more The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-13855

1Nilambar

1Prime Addons For Elementor

Apr 8, 2026

Feb 20, 2025

N/A· v4

4.3 MEDIUM· v3

N/A· v2

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only.Show less