SB2025012425 - Information disclosure in Elementor Addon Elements plugin for WordPress
Published: January 24, 2025
Security Bulletin ID
SB2025012425
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2024-13215)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the "render" function in modules/modal-popup/widgets/modal-popup.php. A remote user can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1058
- https://plugins.trac.wordpress.org/changeset/3221982/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4feacb75-0533-4f53-8ce9-3e45ee8336e2?source=cve