The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
History

Mon, 27 Jan 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Moveaddons
Moveaddons move Addons For Elementor
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:moveaddons:move_addons_for_elementor:*:*:*:*:*:wordpress:*:*
Vendors & Products Moveaddons
Moveaddons move Addons For Elementor

Tue, 29 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Oct 2024 11:15:00 +0000

Type Values Removed Values Added
Description The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Title Move Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-10-29T11:01:36.072Z

Updated: 2024-10-29T14:50:18.357Z

Reserved: 2024-10-24T18:39:05.224Z

Link: CVE-2024-10360

cve-icon Vulnrichment

Updated: 2024-10-29T14:37:29.014Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-29T11:15:03.797

Modified: 2025-01-27T15:19:13.047

Link: CVE-2024-10360

cve-icon Redhat

No data.