Sensitive Information Exposure in Elementor Plugin
CVE-2024-10329

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Ultimate Bootstrap Elements For Elementor
Vendor: CVE Published:; 5 November 2024

Summary

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is known to have a vulnerability that permits authenticated users with Contributor-level access and above to extract sensitive data. This weakness arises from the 'ube_get_page_templates' function, which can inadvertently expose private template contents. Proper access controls and security measures must be in place to mitigate the risks associated with this vulnerability and prevent unauthorized data access.

Affected Version(s)

Ultimate Bootstrap Elements for Elementor * <= 1.4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/ultimate-boots...

https://plugins.trac.wordpress.org/changeset/3176562/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 5, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

Ankit Patel