Описание
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.
Ссылки
- Patch
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.
EPSS
4.3 Medium
CVSS3