PT-2023-26109 · WordPress · Essential Addons For Elementor

Ulyses Saicha

Publicado

2023-07-20

Atualizado

2023-07-28

CVE-2023-3779

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Essential Addons For Elementor plugin for WordPress versions up to, and including, 5.8.1

Description The issue allows unauthenticated attackers to obtain a site's MailChimp API key due to the plugin adding the API key to the source code of any page running the MailChimp block. This affects sites running the premium version of the plugin with the Mailchimp block enabled on a page.

Recommendations For versions up to, and including, 5.8.1, reset any MailChimp API keys if the MailChimp block is enabled as the API key may have been compromised.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2023-3779

Produtos afetados

Essential Addons For Elementor

PT-2023-26109 · WordPress · Essential Addons For Elementor

CVE-2023-3779

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8