CVE-2024-10050
Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
El complemento Elementor Header & Footer Builder para WordPress es vulnerable a la divulgación de información en todas las versiones hasta la 1.6.43 incluida a través del código corto hfe_template. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, vean el contenido de publicaciones en borrador, privadas y protegidas con contraseña que no son de su propiedad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-10-16 CVE Reserved
- 2024-10-23 CVE Published
- 2024-10-25 EPSS Updated
- 2024-11-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Brainstormforce Search vendor "Brainstormforce" | Elementor Header & Footer Builder Search vendor "Brainstormforce" for product "Elementor Header & Footer Builder" | <= 1.6.43 Search vendor "Brainstormforce" for product "Elementor Header & Footer Builder" and version " <= 1.6.43" | en |
Affected
| ||||||