CVE-2024-10360

Name of the Vulnerable Software and Affected Versions Move Addons for Elementor plugin for WordPress versions up to, and including, 1.3.5

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data via the render function in various widget.php files, including includes/widgets/accordion/widget.php and includes/widgets/remote-template/widget.php.

Recommendations For versions up to, and including, 1.3.5, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the render function in the affected widget.php files until a patch is available. Restrict access to sensitive template data to minimize the risk of exploitation.