Sensitive Information Exposure Vulnerability in ElementsKit Pro Plugin

CVE-2024-7063
4.3MEDIUM

Key Information

Vendor
WPmet
Status
Elementskit Pro
Vendor
CVE Published:
15 August 2024

Summary

The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts.

Affected Version(s)

ElementsKit Pro <= 3.6.6

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Disclosed

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Craig Smith
.