CVE-2023-4723

Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.

El complemento Elementor Addon Elements para WordPress es vulnerable a la Exposición de Información Confidencial en versiones hasta la 1.12.7 incluida a través de la función ajax_eae_post_data. Esto puede permitir a atacantes no autenticados extraer datos confidenciales, incluidos los ID y títulos de publicaciones/páginas, incluidos aquellos con estado pendiente/borrador/futuro/privado.

*Credits: Marco Wotschka, Paolo Tresso

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-09-01 CVE Reserved
2023-11-15 CVE Published
2024-08-02 CVE Updated
2024-10-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (3)

URL	Tag	Source
https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/classes/helper.php#L20	Issue Tracking
https://www.wordfence.com/threat-intel/vulnerabilities/id/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=cve	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15	2023-11-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Webtechstreet Search vendor "Webtechstreet"		Elementor Addon Elements Search vendor "Webtechstreet" for product "Elementor Addon Elements"				<= 1.12.7 Search vendor "Webtechstreet" for product "Elementor Addon Elements" and version " <= 1.12.7"		wordpress		Affected