CVE-2021-24948 in Plus Addons for Elementor Pro Plugin
Сводка
по MITRE • 10.01.2022
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.