CVE-2024-6757

CWE-200 — Information Exposure4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 38.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elementor Website Builder Elemntor Elementor Website Builder – More Than Just A Page Builder

Timeline

PublishedOct 15

Description

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5elemntor/elementor_website_builder_–_more_than_just_a_page_builder3.24.5

▶NVDelementor/website_builder< 3.24.6

🔴Vulnerability Details

GHSA

GHSA-3hwm-xx77-96rq: The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to,↗2024-10-15

▶

CVEList

Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function↗2024-10-15

▶

OSV

php7.4, php8.1, php8.2 vulnerabilities↗2024-05-02

▶