CVE-2024-8516

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.
Configurations

Configuration 1 (hide)

cpe:2.3:a:themesflat:themesflat_addons_for_elementor:*:*:*:*:*:wordpress:*:*

History

02 Oct 2024, 19:22

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-posts.php#L3327 - () https://plugins.trac.wordpress.org/browser/themesflat-addons-for-elementor/trunk/widgets/widget-posts.php#L3327 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=cve - Third Party Advisory
CWE NVD-CWE-noinfo
First Time Themesflat themesflat Addons For Elementor
Themesflat
CPE cpe:2.3:a:themesflat:themesflat_addons_for_elementor:*:*:*:*:*:wordpress:*:*

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento Themesflat Addons For Elementor para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 2.2.1 incluida a través de la función render(). Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan información limitada de las publicaciones de borradores y futuras publicaciones programadas.

25 Sep 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 04:15

Updated : 2024-10-02 19:22


NVD link : CVE-2024-8516

Mitre link : CVE-2024-8516

CVE.ORG link : CVE-2024-8516


JSON object : View

Products Affected

themesflat

  • themesflat_addons_for_elementor
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor