Vulnerabilities > CVE-2024-10319 - Unspecified vulnerability in Wpxpro Xpro Addons for Elementor

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wpxpro

NVD

Published: 2024-11-05

Updated: 2024-11-08

Summary

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Vulnerable Configurations

Part	Description	Count
Application	Wpxpro Wpxpro Xpro Addons FOR Elementor *	1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve
https://plugins.trac.wordpress.org/changeset/3179221/xpro-elementor-addons