CVE-2024-8899

Summary

CVE-2024-8899 is a Sensitive Information Exposure vulnerability affecting the Jeg Elementor Kit plugin for WordPress. This issue, present in all versions up to 2.6.9, allows authenticated attackers with Contributor-level access or higher to extract sensitive data, including private, pending, and draft template information. The vulnerability is located in the render_content function of class-tabs-view.php. Attackers can exploit this flaw to gain unauthorized access to confidential data, potentially leading to privacy breaches or data loss. WordPress users are advised to upgrade to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.