Vulnerabilities > CVE-2023-4723 - Unspecified vulnerability in Webtechstreet Elementor Addon Elements
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those of with pending/draft/future/private status.
Vulnerable Configurations
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=cve
- https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/classes/helper.php#L20
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15