CVE-2024-8494

Medium CVSS: 4.3

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.

Vendor

Elementor

Product

Website Builder

CWE

CWE-200

Yayın Tarihi

2025-01-30 14:15:36

Güncelleme

2025-01-30 17:12:52

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 Website Builder MEDIUM Elementor 2025

Referanslar

https://elementor.com/ https://www.wordfence.com/threat-intel/vulnerabilities/id/94ada60f-1e20-454e-a9d7-7849be764d81?source=cve

Benzer Kayıtlar

Medium

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via…

Medium

CVE-2025-3075

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc…

Medium

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text…

Medium

CVE-2025-1319

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cr…

Medium

CVE-2024-54444

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elemento…

Medium

CVE-2024-13445

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc…