CVE-2024-12140
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-12140 is a newly disclosed vulnerability affecting the Elementor Addons AI Addons plugin for WordPress. In versions up to 2.2.1, the render function contains insufficient restrictions, allowing authenticated attackers with Contributor-level access or higher to access private or draft templates. This Information Exposure issue can lead to the extraction of sensitive data that should not be accessible. The vulnerability poses a significant risk, particularly in collaborative environments where multiple users contribute to the WordPress site. Upgrading to the latest version or implementing workarounds is recommended to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.