CVE-2024-12062

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 3, 2024
CWE ID 639

Summary

CVE-2024-12062 is a newly disclosed vulnerability affecting the Charity Addon for Elementor plugin used in WordPress websites. This issue, which exists in all versions up to 1.3.2, allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor. The vulnerability arises due to insufficient restrictions on which posts can be included using the 'nacharity_elementor_template' shortcode, enabling unauthorized access to sensitive information. This issue poses a significant risk to the privacy and security of WordPress sites utilizing the Charity Addon for Elementor plugin and should be addressed promptly by updating to the latest version or implementing appropriate workarounds.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share