CVE-2024-10670

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 28, 2024
CWE ID 639

Summary

CVE-2024-10670 is a newly disclosed vulnerability affecting the Primary Addon for Elementor plugin used in WordPress websites. This issue, present in all versions up to 1.6.2, exposes sensitive information through the [prim_elementor_template] shortcode. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to access data from private or draft posts, which they are not authorized to view. The flaw stems from insufficient access restrictions on the posts included with the shortcode, posing a significant risk to the confidentiality of website content. Upgrading to the latest version of the plugin is recommended to mitigate this Information Exposure vulnerability.

Affected Products

  • Primary Addon For Elementor Plugin

Affected Vendors

  • WordPress