exploitDog

CVE-2024-7063

Опубликовано: 15 авг. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts.

Ссылки

https://wpmet.com/plugin/elementskit/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/d35dd18b-0f05-482f-aef3-08977cbec8a0?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpmet:elementskit:*:*:*:*:pro:wordpress:*:*

Версия до 3.6.7 (исключая)

EPSS

Процентиль: 53%

0.00306

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5xfh-rrx5-67m4

CVSS3: 4.3

github

больше 1 года назад

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts.

EPSS

Процентиль: 53%

0.00306

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo