Vulnerability in Elementor Charity Addon Allows Attackers to Access Private Posts
CVE-2024-12062
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 3 December 2024
What is CVE-2024-12062?
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
Affected Version(s)
Charity Addon for Elementor * <= 1.3.2