PT-2024-16191 · WordPress · The Ultimate Bootstrap Elements For Elementor
Ankit Patel
·
Published
2024-11-05
·
Updated
2024-11-08
·
CVE-2024-10329
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Ultimate Bootstrap Elements for Elementor plugin for WordPress versions up to, and including, 1.4.6
Description
The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the contents of private templates, via the
ube get page templates function.Recommendations
For versions up to, and including, 1.4.6, upgrade to a patched version as soon as possible to prevent potential data leaks.
As a temporary workaround, consider restricting access to the
ube get page templates function until a patch is available.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Ultimate Bootstrap Elements For Elementor