CVE-2024-6455 Vulnerability Details


CVE-2024-6455 Metadata Quick Info

CVE Published: 18/07/2024 | CVE Updated: 09/08/2024 | CVE Year: 2024
Source: Wordfence | Vendor: xpeedstudio | Product: ElementsKit Elementor addons
Status: PUBLISHED

CVE-2024-6455 Description

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability check on the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates, including drafts, pending and private items.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope (S): Unchanged

Impact Metrics:
    Confidentiality Impact (C): Low
    Integrity Impact (I): None
    Availability Impact (A): None

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Information Exposure
Source: xpeedstudio

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).