CVE-2024-8913

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions prior to 5.6.12

Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data. This is possible due to sensitive information exposure in the render function located in modules/widgets/tp accordion.php.

Recommendations: For versions prior to 5.6.12, update to version 5.6.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the render function in modules/widgets/tp accordion.php to minimize the risk of exploitation.