Sensitive Information Exposure in Animation Addons for Elementor Plugin
CVE-2024-12340
4.3MEDIUM
Summary
CVE-2024-12340 is a critical vulnerability in the Animation Addons for Elementor plugin for WordPress, affecting all versions up to and including 1.1.6. The flaw allows authenticated attackers with Contributor-level access or higher to exploit the 'render' function in specific files, namely widgets/content-slider.php and widgets/tabs.php. This vulnerability leads to the unauthorized extraction of sensitive private, pending, and draft Elementor template data, posing a significant risk to website owners and their users. It is imperative for users of the affected plugin to upgrade to the latest version to safeguard confidential information.
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD Database