CVE-2024-9530

The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*

History

25 Oct 2024, 18:52

Type Values Removed Values Added
First Time Qodeinteractive qi Addons For Elementor
Qodeinteractive
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3170536%40qi-addons-for-elementor%2Ftrunk&old=3159768%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3170536%40qi-addons-for-elementor%2Ftrunk&old=3159768%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd93514-657c-4b04-931a-23f3d405fb88?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd93514-657c-4b04-931a-23f3d405fb88?source=cve - Third Party Advisory

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) El complemento Qi Addons For Elementor para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.8.0 incluida a través de plantillas privadas. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales, incluido el contenido de plantillas que son privadas.

23 Oct 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-23 08:15

Updated : 2024-10-25 18:52


NVD link : CVE-2024-9530

Mitre link : CVE-2024-9530

CVE.ORG link : CVE-2024-9530


JSON object : View

Products Affected

qodeinteractive

  • qi_addons_for_elementor
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor