NuytsTech Security

CVE-2024-11852

by ·

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates.

More information : https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/trunk/includes/template-library/editor/manager/api.php#L100

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 4.3
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 1.4

Tags: