PT-2023-30376 · WordPress · Elementor Addon Elements

Marco Wotschka

Publicado

2023-11-15

Atualizado

2023-11-21

CVE-2023-4723

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7

Description The issue allows unauthenticated attackers to extract sensitive data, including post/page ids and titles, via the ajax eae post data function. This includes data from posts/pages with pending/draft/future/private status.

Recommendations For Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7, consider disabling the ajax eae post data function as a temporary workaround until a patch is available.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2023-4723

Produtos afetados

Elementor Addon Elements

PT-2023-30376 · WordPress · Elementor Addon Elements

CVE-2023-4723

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6