PT-2025-3701 · WordPress · Elementor Website Builder

Ankit Patel · Published 2025-01-30 · Updated 2025-01-30 · CVE-2024-8494

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11

Description

The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates, via the elementor-template shortcode. This makes it possible to access confidential information. The vulnerability was partially patched in version 3.24.4.

Recommendations

For versions prior to 3.24.4, update to version 3.24.4 or later to partially mitigate the issue. For versions 3.24.4 through 3.25.10, update to version 3.25.11 or later to fully resolve the issue. As a temporary workaround, consider restricting access to the elementor-template shortcode until a patch is applied.
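
One way to apply the temporary workaround, as an added example that is not part of the original advisory and is not Elementor's patch: a must-use plugin that hooks WordPress's pre_do_shortcode_tag filter and renders the elementor-template shortcode only for published templates or for users who can edit the referenced template. It assumes the template is referenced through the shortcode's id attribute; the file name and the function name are hypothetical.

```php
<?php
/**
 * Plugin Name: Restrict elementor-template shortcode (temporary workaround)
 * Description: Added example. Drop into wp-content/mu-plugins/ as, for
 *              instance, restrict-elementor-template.php (hypothetical name).
 */

// Hypothetical helper name; decides whether the shortcode may render.
function pt_restrict_elementor_template( $output, $tag, $attr ) {
	// Leave every other shortcode untouched.
	if ( 'elementor-template' !== $tag ) {
		return $output;
	}

	// $attr is an empty string when the shortcode carries no attributes.
	// Assumption: the template is referenced by the "id" attribute.
	$template_id = ( is_array( $attr ) && isset( $attr['id'] ) )
		? absint( $attr['id'] )
		: 0;

	// No usable id: render nothing instead of passing it on.
	if ( 0 === $template_id ) {
		return '';
	}

	// Published templates are public content; let the shortcode run.
	if ( 'publish' === get_post_status( $template_id ) ) {
		return $output;
	}

	// Private, Pending, Draft (or missing) templates: render only for a
	// viewer who is allowed to edit that specific template.
	if ( current_user_can( 'edit_post', $template_id ) ) {
		return $output;
	}

	// Returning a string short-circuits the shortcode callback.
	return '';
}
add_filter( 'pre_do_shortcode_tag', 'pt_restrict_elementor_template', 10, 3 );
```

This covers only the shortcode path named in the description; updating to version 3.25.11 or later remains the full resolution, after which the file can be removed.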

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-8494

Affected Products

Elementor Website Builder