The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
References
Configurations
History
25 Oct 2024, 21:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:blazethemes:news_kit_elementor_addons:*:*:*:*:*:wordpress:*:* | |
First Time |
Blazethemes news Kit Elementor Addons
Blazethemes |
|
CWE | NVD-CWE-noinfo | |
References | () https://plugins.trac.wordpress.org/changeset/3169975/news-kit-elementor-addons - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ffc5408c-ca31-4cb6-8cb5-063acbbad01e?source=cve - Third Party Advisory |
23 Oct 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-22 08:15
Updated : 2024-10-25 21:16
NVD link : CVE-2024-9541
Mitre link : CVE-2024-9541
CVE.ORG link : CVE-2024-9541
JSON object : View
Products Affected
blazethemes
- news_kit_elementor_addons
CWE