The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
History

Fri, 25 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Qodeinteractive
Qodeinteractive qi Addons For Elementor
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*
Vendors & Products Qodeinteractive
Qodeinteractive qi Addons For Elementor

Wed, 23 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 23 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
Title Qi Addons For Elementor <= 1.8.0 - Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-10-23T07:34:54.225Z

Updated: 2024-10-23T13:46:08.818Z

Reserved: 2024-10-04T15:09:03.542Z

Link: CVE-2024-9530

cve-icon Vulnrichment

Updated: 2024-10-23T13:46:05.698Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-23T08:15:03.770

Modified: 2024-10-25T18:52:10.810

Link: CVE-2024-9530

cve-icon Redhat

No data.