CVE-2021-24948 in Plus Addons for Elementor Pro Plugininformación

Resumen

por MITRE • 2022-01-10

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

2021-01-14

Divulgación

2022-01-10

Moderación

aceptado

Artículo

VDB-189872

CPE

listo

EPSS

0.01815

KEV

no

Actividades

muy bajo

Fuentes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!