gsd-2024-3733
Vulnerability from gsd
Modified
2024-04-13 05:02
Details
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-3733" ], "details": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits \u0026 WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status.", "id": "GSD-2024-3733", "modified": "2024-04-13T05:02:35.736845Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@wordfence.com", "ID": "CVE-2024-3733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits \u0026 WooCommerce Builders", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "*", "version_value": "5.9.15" } ] } } ] }, "vendor_name": "wpdevteam" } ] } }, "credits": [ { "lang": "en", "value": "Craig Smith" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits \u0026 WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status." } ] }, "impact": { "cvss": [ { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d604f7a-947c-43f4-bba6-e7e98b2d7844?source=cve", "refsource": "MISC", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d604f7a-947c-43f4-bba6-e7e98b2d7844?source=cve" }, { "name": "https://plugins.trac.wordpress.org/changeset/3075644/essential-addons-for-elementor-lite/tags/5.9.16/includes/Traits/Ajax_Handler.php", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/3075644/essential-addons-for-elementor-lite/tags/5.9.16/includes/Traits/Ajax_Handler.php" } ] } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits \u0026 WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions. This makes it possible for unauthenticated attackers to extract posts that may be in private or draft status." }, { "lang": "es", "value": "Los complementos Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits \u0026amp; WooCommerce Builders para WordPress son vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 5.9.15 incluida a trav\u00e9s de ajax_load_more(), eael_woo_pagination_product_ajax() y ajax_eael_product_gallery( ) funciones. Esto hace posible que atacantes no autenticados extraigan publicaciones que pueden estar en estado privado o borrador." } ], "id": "CVE-2024-3733", "lastModified": "2024-04-25T13:18:13.537", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary" } ] }, "published": "2024-04-25T09:15:08.237", "references": [ { "source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3075644/essential-addons-for-elementor-lite/tags/5.9.16/includes/Traits/Ajax_Handler.php" }, { "source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d604f7a-947c-43f4-bba6-e7e98b2d7844?source=cve" } ], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis" } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.