CVE-2024-12046

by Fred · 04/02/2025

The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the ‘namedical_elementor_template’ shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts.

More information : https://plugins.trac.wordpress.org/browser/medical-addon-for-elementor/trunk/elementor/lib/lib.php#L12

CVE-2024-12046

Similar

Recent Posts

Categories

CVE-2024-12046

Share this:

Similar

Recent Posts

Categories

Tags