PT-2024-16215 · Unknown · Elementsready Addons For Elementor
Ankit Patel · Published 2024-12-17 · Updated 2024-12-19
CVE-2024-10356
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ElementsReady Addons for Elementor versions up to, and including, 6.4.8
Description
Sensitive Information Exposure in the inc/Widgets/accordion/output/content.php file allows authenticated attackers with Contributor-level access and above to extract sensitive data from private, pending, and draft templates.
Recommendations
Update ElementsReady Addons for Elementor to a version later than 6.4.8 to resolve the issue.
As a temporary workaround, consider restricting access to the inc/Widgets/accordion/output/content.php file until a patch is available.
Restrict Contributor-level and higher access to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Elementsready Addons For Elementor