CVE-2024-8801

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:*:wordpress:*:*

History

30 Sep 2024, 14:23

Type Values Removed Values Added
First Time Wedevs
Wedevs happy Addons For Elementor
CPE cpe:2.3:a:wedevs:happy_addons_for_elementor:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo
References () https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/content-switcher/widget.php - () https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/content-switcher/widget.php - Product
References () https://plugins.trac.wordpress.org/changeset/3154460/ - () https://plugins.trac.wordpress.org/changeset/3154460/ - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=cve - Third Party Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento Happy Addons for Elementor para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 3.12.2 incluida a través del widget Content Switcher. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, extraigan datos confidenciales, incluidas plantillas de Elementor privadas, en borrador y pendientes.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-09-30 14:23


NVD link : CVE-2024-8801

Mitre link : CVE-2024-8801

CVE.ORG link : CVE-2024-8801


JSON object : View

Products Affected

wedevs

  • happy_addons_for_elementor
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor