CVE-2024-11915

Name of the Vulnerable Software and Affected Versions RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier

Description The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts due to insufficient restrictions on which posts can be included via the Popup block.

Recommendations For RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier, update to a version later than 1.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Popup block for users with Contributor-level access and above until a patch is available.