Overview
- Description
- The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private/draft/password protected posts, pages, and Elementor templates that they should not have access to.
- Source
- security@wordfence.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- security@wordfence.com
- CWE-200
Social media
- Hype score
- Not currently trending
CVE-2024-9889 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Lo… https://t.co/eo87W6JERr
@CVEnew
627 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9889 Sensitive Information Exposure in ElementInvader Addons for Elementor Plugin The ElementInvader Addons for Elementor plugin on WordPress has a Sensitive Information Exposure vulnerability. This affe... https://t.co/tQftZawGwJ
@VulmonFeeds
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elementinvader:elementinvader_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "427C2083-7C80-4904-944D-B9DB99EDCF1B",
"versionEndExcluding": "1.3.0"
}
],
"operator": "OR"
}
]
}
]