Vulnerabilities

CVE-2021-24948

by Fred · 10/01/2022

The Plus Addons for Elementor – Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

Date published : 2022-01-10

https://roadmap.theplusaddons.com/updates

https://wpscan.com/vulnerability/2b67005a-476e-4772-b15c-3191911a50b0

Similar

Tags: Cybersecurity Alert