CVE-2024-10050

Published Oct 24, 2024

Last updated 23 days ago

CVSS medium 4.3

Overview

Description
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-200

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10050 (Published: 2024-10-24) affects the Header Footer Elementor plugin for WordPress. Versions exploited are not specified. To mitigate, ensure you update to the latest version available. Stay secure! 🔒 More info: [WordPress Changeset](https://t.co/WQxy6RBiNb)… htt

    @transilienceai

    27 Oct 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10050 (Published: 2024-10-24) - A high-severity vulnerability affects the Header Footer Elementor plugin for WordPress. Ensure you're using the latest version to mitigate risks. Check the changeset for detailed remediation steps: https://t.co/WQxy6RBiNb #WordPress… ht

    @transilienceai

    27 Oct 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10050 (Published: 2024-10-24) - A medium severity vulnerability has been identified in the Header Footer Elementor plugin for WordPress. Ensure you're using the latest version to mitigate risks. Check the changeset for details: https://t.co/WQxy6RBiNb #WordPress… http

    @transilienceai

    26 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-10050 The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template s… https://t.co/se8V8qsiZu

    @CVEnew

    24 Oct 2024

    242 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References