The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
Metrics
Affected Vendors & Products
References
History
Fri, 08 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
G5plus
G5plus ultimate Bootstrap Elements For Elementor |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:g5plus:ultimate_bootstrap_elements_for_elementor:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
G5plus
G5plus ultimate Bootstrap Elements For Elementor |
Tue, 05 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 05 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private. | |
Title | Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-05T13:55:29.131Z
Updated: 2024-11-05T14:18:36.989Z
Reserved: 2024-10-24T00:07:42.382Z
Link: CVE-2024-10329
Vulnrichment
Updated: 2024-11-05T14:18:32.659Z
NVD
Status : Analyzed
Published: 2024-11-05T14:15:13.917
Modified: 2024-11-08T15:59:16.407
Link: CVE-2024-10329
Redhat
No data.