The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
History

Fri, 08 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared G5plus
G5plus ultimate Bootstrap Elements For Elementor
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:g5plus:ultimate_bootstrap_elements_for_elementor:*:*:*:*:*:wordpress:*:*
Vendors & Products G5plus
G5plus ultimate Bootstrap Elements For Elementor

Tue, 05 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Description The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
Title Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-05T13:55:29.131Z

Updated: 2024-11-05T14:18:36.989Z

Reserved: 2024-10-24T00:07:42.382Z

Link: CVE-2024-10329

cve-icon Vulnrichment

Updated: 2024-11-05T14:18:32.659Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-05T14:15:13.917

Modified: 2024-11-08T15:59:16.407

Link: CVE-2024-10329

cve-icon Redhat

No data.