NuytsTech Security

CVE-2024-10357

by ·

The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

More information : https://www.wordfence.com/threat-intel/vulnerabilities/id/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=cve

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 4.3
Base severity : MEDIUM
Exploitability score : 2.8
Impact score : 1.4

Tags: