BuddyBuilder Plugin for WordPress Vulnerable to Information Exposure
CVE-2024-10778

4.3MEDIUM

Key Information:

Vendor: Wordpress
Vendor: CVE Published:; 13 November 2024

Summary

The BuddyPress Builder for Elementor plugin, including all versions up to 1.7.4, suffers from an Information Exposure issue due to inadequate restrictions on the 'elementor-template' shortcode. This vulnerability allows authenticated attackers, who possess Contributor-level access or higher, to inadvertently access and extract data from private or draft posts created using Elementor, which they normally should not be permitted to view. This could lead to unauthorized disclosure of sensitive information contained within those posts.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/stax-buddy-builder/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2024