Information Exposure Vulnerability in Elementor Addons by WordPress
CVE-2024-12140

4.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Elementor Addons Ai Addons – 70 Widgets, Premium Templates, Ultimate Elements
Vendor
CVE Published:
7 January 2025

Summary

The Elementor Addons AI Addons plugin, up to version 2.2.1, is susceptible to an information exposure vulnerability. This flaw arises from insufficient validation in the render function, which permits authenticated users with Contributor-level access and above to reveal data from private or draft templates. As a result, such users may access sensitive information they should be barred from, representing a significant risk for site security.

Affected Version(s)

Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements * <= 2.2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ai-addons-for-...
https://plugins.trac.wordpress.org/browser/ai-addons-for-...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nirmal Kavaiya
.