CVE-2024-10316

Name of the Vulnerable Software and Affected Versions The Stratum – Elementor Widgets plugin for WordPress versions up to, and including, 1.4.4

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data due to Sensitive Information Exposure. This is possible in the includes/templates/content-switcher.php file.

Recommendations For versions up to, and including, 1.4.4, update the plugin immediately to a version above 1.4.4 to prevent exploitation. Additionally, review logs for suspicious activity to identify any potential breaches. As a temporary workaround, consider restricting access to the includes/templates/content-switcher.php file until the update is applied.