Information Exposure Vulnerability in Typer Core Plugin for WordPress
CVE-2024-12102

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Typer Core
Vendor: CVE Published:; 30 January 2025

What is CVE-2024-12102?

The Typer Core plugin for WordPress has a vulnerability that allows authenticated attackers with Contributor-level access and above to exploit the 'elementor-template' shortcode. Due to insufficient restrictions on post access, these attackers can retrieve sensitive data from private or draft posts created using Elementor that they should not normally access. This vulnerability affects all versions of the plugin up to and including 1.9.6, posing a significant risk of data exposure for WordPress sites utilizing this plugin.

Affected Version(s)

Typer Core * <= 1.9.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/typer-core/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Dec 3, 2024

Credit

Francesco Carlucci