The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Sat, 11 Jan 2025 07:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | |
Title | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2025-01-11T07:21:51.144Z
Updated: 2025-01-11T07:21:51.144Z
Reserved: 2024-11-27T17:27:12.357Z
Link: CVE-2024-11915
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-01-11T08:15:24.680
Modified: 2025-01-11T08:15:24.680
Link: CVE-2024-11915
Redhat
No data.