Sensitive Information Exposure in Animation Addons for Elementor Plugin
CVE-2024-12340

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Animation Addons For Elementor – GSAP Motion Elementor Addons & Website Templates
Vendor: CVE Published:; 18 December 2024

What is CVE-2024-12340?

CVE-2024-12340 is a critical vulnerability in the Animation Addons for Elementor plugin for WordPress, affecting all versions up to and including 1.1.6. The flaw allows authenticated attackers with Contributor-level access or higher to exploit the 'render' function in specific files, namely widgets/content-slider.php and widgets/tabs.php. This vulnerability leads to the unauthorized extraction of sensitive private, pending, and draft Elementor template data, posing a significant risk to website owners and their users. It is imperative for users of the affected plugin to upgrade to the latest version to safeguard confidential information.

Affected Version(s)

Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates 0 <= 1.1.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3205250/anim...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2024

CVE-2024-12340 Data

JSON