PT-2024-17420 · WordPress · Elementinvader Addons For Elementor

Francesco Carlucci · Published 2024-12-12 · Updated 2024-12-12 · CVE-2024-12059

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor plugin for WordPress versions up to and including 1.3.1

Description: The issue allows authenticated attackers with Contributor-level access or higher to extract arbitrary options from the wp_options table through the eli option value shortcode. This enables the exposure of sensitive information.

Recommendations: For versions up to and including 1.3.1, update to a version higher than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the eli option value shortcode to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2024-12059

Affected Products: Elementinvader Addons For Elementor