Private Post Data Exposed through Unfold Widget
CVE-2024-10693
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 9 November 2024
What is CVE-2024-10693?
The SKT Addons for Elementor plugin for WordPress is affected by a vulnerability that allows authenticated users with Contributor-level access or above to gain unauthorized access to sensitive information. This occurs through the Unfold widget, where insufficient restrictions permit these users to access private or draft posts created using Elementor. As a result, sensitive content may be exposed to users who should not have access, leading to potential data leaks and privacy concerns for site owners relying on the Elementor platform.
Affected Version(s)
SKT Addons for Elementor * <= 3.3