CVE-2024-10693

Name of the Vulnerable Software and Affected Versions SKT Addons for Elementor versions up to, and including, 3.3

Description The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that they should not have access to, due to insufficient restrictions on which posts can be included via the Unfold widget.

Recommendations For SKT Addons for Elementor versions up to, and including, 3.3, update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the Unfold widget until a patch is available.