CVE-2024-13215

Name of the Vulnerable Software and Affected Versions Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.10

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template data via the render function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for attackers to access confidential information.

Recommendations For versions up to, and including, 1.13.10, consider disabling the render function in modules/modal-popup/widgets/modal-popup.php as a temporary workaround until a patch is available. Restrict access to the modal-popup module to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved. Update to a version later than 1.13.10 when available.