CVE-2024-10356

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 17, 2024

CWE ID 200

Summary

CVE-2024-10356 is a vulnerability affecting the ElementsReady Addons for Elementor plugin used in WordPress websites. This issue, present in versions up to 6.4.8, exposes sensitive information, including private, pending, and draft template data. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability located in inc/Widgets/accordion/output/content.php, posing a significant risk to the confidentiality of the affected sites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z0RLoe
https://www.cve.org/CVERecord?id=CVE-2024-10356
https://nvd.nist.gov/vuln/detail/CVE-2024-10356

Back to Vulnerability Database

CVE-2024-10356

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations