CVE-2021-24948 in Plus Addons for Elementor Pro PluginИнформация

Сводка

по MITRE • 10.01.2022

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Резервировать

14.01.2021

Раскрытие

10.01.2022

Модерация

принято

Вход

VDB-189872

EPSS

0.01815

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Do you need the next level of professionalism?

Upgrade your account now!