CVE-2024-13217

Name of the Vulnerable Software and Affected Versions Jeg Elementor Kit plugin for WordPress versions prior to 2.6.12

Description The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, scheduled, and draft template data. This is possible via the expired data and build content functions.

Recommendations For versions prior to 2.6.12, update to version 2.6.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the expired data and build content functions to minimize the risk of exploitation.