CVE-2024-12335
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-12335 is a newly discovered vulnerability affecting the Avada (Fusion) Builder plugin for WordPress. It allows authenticated attackers with contributor-level access or higher to extract information from password-protected, private, or draft posts through the 'fusion_blog' shortcode and the handle_clone_post() function. Because the plugin does not sufficiently restrict which posts can be included, attackers can gain unauthorized access to data they should not be able to view. Versions up to and including 3.11.12 are reportedly affected. This vulnerability poses a significant risk to WordPress sites using the Avada (Fusion) Builder plugin and highlights the importance of keeping software up to date with the latest security patches.
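A triage sketch for site owners, added here as an example and not taken from the plugin or the advisory: it checks an installed plugin version against the affected range stated above and lists posts in which a low-privilege author used the `fusion_blog` shortcode, so they can be reviewed. The post record fields (`id`, `author_role`, `content`), the sample data, and the choice of roles to flag are assumptions.

```python
import re

# Last affected release according to the summary above.
LAST_AFFECTED = (3, 11, 12)

# Opening [fusion_blog ...] tag; attribute contents are not interpreted.
SHORTCODE_RE = re.compile(r"\[fusion_blog\b[^\]]*\]")

# Assumption: roles that cannot normally read other users' private or draft posts.
LOW_PRIV_ROLES = {"contributor", "author"}


def parse_version(text):
    """Turn '3.11.12' into (3, 11, 12); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # e.g. '12-beta': keep 12, ignore the rest
            break
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_affected(version):
    """True when the version is at or below the last affected release."""
    v = parse_version(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))  # so 3.11 compares as 3.11.0
    return pad(v) <= pad(LAST_AFFECTED)


def posts_to_review(posts):
    """IDs of posts where a low-privilege author used the shortcode."""
    return [p["id"] for p in posts
            if p["author_role"] in LOW_PRIV_ROLES
            and SHORTCODE_RE.search(p["content"])]


# Constructed sample records (hypothetical export format, not real site data).
SAMPLE_POSTS = [
    {"id": 101, "author_role": "contributor", "content": 'Intro [fusion_blog layout="grid"] end'},
    {"id": 102, "author_role": "editor", "content": "[fusion_blog]"},
    {"id": 103, "author_role": "author", "content": "[fusion_blog_extra] no match"},
    {"id": 104, "author_role": "contributor", "content": "Plain text draft"},
]

if __name__ == "__main__":
    print("3.11.12 affected:", is_affected("3.11.12"))
    print("review:", posts_to_review(SAMPLE_POSTS))
```

A flagged post is only a candidate for manual review; the shortcode also has legitimate uses.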