CVE-2024-10690

Name of the Vulnerable Software and Affected Versions Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4 RSTheme (affected versions not specified)

Description The issue is related to Information Exposure, where insufficient restrictions on which posts can be included via the SHORTCODE ELEMENTOR shortcode allow authenticated attackers with Contributor-level access and above to extract data from private and draft posts created with Elementor.

Recommendations For Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4: Update to a version later than 1.0.4 to mitigate the risk. For RSTheme: Update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the SHORTCODE ELEMENTOR shortcode until a patch is available.