CVE-2024-1387
Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.
El complemento Happy Addons for Elementor para WordPress es vulnerable al acceso no autorizado a los datos debido a una autorización insuficiente en la función duplicate_thing() en todas las versiones hasta la 3.10.4 incluida. Esto hace posible que los atacantes, con acceso de nivel de colaborador y superior, clonen publicaciones arbitrarias (incluidas las privadas y protegidas con contraseña), lo que puede provocar la exposición de la información.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-08 CVE Reserved
- 2024-04-04 CVE Published
- 2024-04-10 EPSS Updated
- 2024-08-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Thehappymonster Search vendor "Thehappymonster" | Happy Addons For Elementor Search vendor "Thehappymonster" for product "Happy Addons For Elementor" | <= 3.10.4 Search vendor "Thehappymonster" for product "Happy Addons For Elementor" and version " <= 3.10.4" | en |
Affected
|