The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
History

Sat, 11 Jan 2025 07:30:00 +0000

Type Values Removed Values Added
Description The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
Title RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-01-11T07:21:51.144Z

Updated: 2025-01-11T07:21:51.144Z

Reserved: 2024-11-27T17:27:12.357Z

Link: CVE-2024-11915

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-01-11T08:15:24.680

Modified: 2025-01-11T08:15:24.680

Link: CVE-2024-11915

cve-icon Redhat

No data.