CVE-2024-13855

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 20, 2025

Updated: Feb 25, 2025

CWE ID 639

CWE ID 284

Summary

CVE-2024-13855 is a vulnerability affecting the Prime Addons for Elementor plugin for WordPress. The issue stems from a lack of validation on a user-controlled key in the pae_global_block shortcode. Consequently, authenticated attackers with Contributor-level access and above can gain unauthorized access to information from posts, including drafts, private, password-protected, and restricted posts. This vulnerability applies specifically to posts created with Elementor.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3PBOXS
https://www.cve.org/CVERecord?id=CVE-2024-13855
https://nvd.nist.gov/vuln/detail/CVE-2024-13855

Back to Vulnerability Database

CVE-2024-13855

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations