PT-2024-16471 · WordPress · Futurio Extra
Francesco Carlucci
·
Published
2024-11-11
·
Updated
2024-11-14
·
CVE-2024-10695
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Futurio Extra plugin for WordPress versions up to, and including, 2.0.13
Description
The issue concerns Information Exposure via the
elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts they should not have access to.Recommendations
For versions up to, and including, 2.0.13, update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the
elementor-template shortcode until the update is applied.Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Futurio Extra