CVE-2024-6455
ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.
El complemento ElementsKit Elementor addons para WordPress es vulnerable a la exposición de la información en todas las versiones hasta la 3.2.0 incluida, debido a la falta de comprobaciones de capacidad en la función ekit_widgetarea_content. Esto hace posible que atacantes no autenticados vean cualquier elemento creado en Elementor, como publicaciones, páginas y plantillas, incluidos borradores, elementos pendientes y privados.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-07-02 CVE Reserved
- 2024-07-18 CVE Published
- 2024-08-09 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xpeedstudio Search vendor "Xpeedstudio" | ElementsKit Elementor Addons Search vendor "Xpeedstudio" for product "ElementsKit Elementor Addons" | <= 3.2.0 Search vendor "Xpeedstudio" for product "ElementsKit Elementor Addons" and version " <= 3.2.0" | en |
Affected
| ||||||