CVE-2021-24948

CVE-2021-24948: The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

Vendor Unknown

Product The Plus Addons for Elementor - Pro

Weakness CWE-200 · Info exposure

Published January 10, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

Key dates

02Disclosure timeline

January 10, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24948 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2021-24948

CWE CWE-200

Affected versions

Vendor Unknown

Product The Plus Addons for Elementor - Pro

Affected ≥ 5.0.4 and < 5.0.4*

Vendor Unknown

Product The Plus Addons for Elementor - Pro

Affected ≥ 5.0.7 and < 5.0.7

CVE-2021-24948: The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure

01Description

02Disclosure timeline

03References

04Related CVE