PT-2025-5904 · WordPress · The Builder Shortcode Extras

Francesco Carlucci · Published 2025-02-07 · Updated 2025-02-07 · CVE-2024-13841

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress versions up to, and including, 1.0.0

Description

The issue allows authenticated attackers with Contributor-level access and above to extract data from private and draft posts created with Elementor that they should not have access to, due to insufficient restrictions on which posts can be included via the bse-elementor-template shortcode.

Recommendations

For versions up to, and including, 1.0.0, consider disabling the bse-elementor-template shortcode to prevent exploitation until a patch is available. Restrict access to private and draft posts created with Elementor to minimize the risk of data exposure.
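One way to apply the first recommendation without deactivating the whole plugin, as an added example that is not code from the plugin or from this advisory: a must-use plugin that replaces the bse-elementor-template handler with one that renders nothing and logs who triggered it. The file name, function name and constant are hypothetical, and it assumes the plugin registers its shortcode on or before the `init` hook.

```php
<?php
/**
 * Plugin Name: Disable bse-elementor-template (temporary mitigation)
 *
 * Added example. Assumed location (hypothetical file name):
 * wp-content/mu-plugins/disable-bse-elementor-template.php
 */

defined( 'ABSPATH' ) || exit;

// Shortcode tag named in the advisory.
const BSE_BLOCKED_TAG = 'bse-elementor-template';

/**
 * Replacement handler: renders an empty string instead of the referenced
 * Elementor post, and records the attempt so it can be reviewed later.
 * Returning '' (rather than only calling remove_shortcode) also keeps the
 * raw "[bse-elementor-template ...]" text from showing up in page output.
 */
function bse_mitigation_handler( $atts, $content = '', $tag = '' ) {
    $post = get_post(); // post currently being rendered, if any

    error_log( sprintf(
        'Blocked [%s] render: user=%d post=%d atts=%s',
        $tag,
        get_current_user_id(),
        $post ? $post->ID : 0,
        wp_json_encode( $atts ) // attributes as supplied by the author
    ) );

    return '';
}

// add_shortcode() overwrites any handler already registered for the tag.
// Running at the last possible priority on init assumes the plugin has
// registered its own handler by then.
add_action( 'init', function () {
    add_shortcode( BSE_BLOCKED_TAG, 'bse_mitigation_handler' );
}, PHP_INT_MAX );
```

The log lines go to the PHP error log and give a starting point for checking which accounts have been placing the shortcode in their drafts.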

Fix

IDOR


Weakness Enumeration

Related Identifiers

CVE-2024-13841

Affected Products

The Builder Shortcode Extras