CVE-2024-10692

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 639

Summary

CVE-2024-10692 is a newly disclosed vulnerability affecting the PowerPack Elementor Addons plugin used in WordPress sites. The issue lies within the Content Reveal widget and allows authenticated attackers with Contributor-level access or higher to access data from password-protected, private, or draft posts. This Information Exposure vulnerability puts sensitive information at risk, potentially leading to privacy breaches. All versions up to and including 2.8.1 are affected. Users are urged to update the plugin as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share