Sensitive Information Exposure in 140+ Widgets | Xpro Addons For Elementor by WordPress
CVE-2024-12584
6.5MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 8 January 2025
What is CVE-2024-12584?
The 140+ Widgets | Xpro Addons For Elementor plugin for WordPress is susceptible to sensitive information exposure due to its 'duplicate' function. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to access and extract sensitive data from draft, scheduled, private, and password-protected posts. This security issue poses significant risks to data privacy and integrity, especially for sites that manage confidential information.
Affected Version(s)
140+ Widgets | Xpro Addons For Elementor – FREE * <= 1.4.6.2