CVE-2024-10670
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-10670 is a newly disclosed vulnerability affecting the Primary Addon for Elementor plugin used in WordPress websites. This issue, present in all versions up to 1.6.2, exposes sensitive information through the [prim_elementor_template] shortcode. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to access data from private or draft posts, which they are not authorized to view. The flaw stems from insufficient access restrictions on the posts included with the shortcode, posing a significant risk to the confidentiality of website content. Upgrading to the latest version of the plugin is recommended to mitigate this Information Exposure vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Primary Addon For Elementor Plugin
Affected Vendors
- WordPress