Vulnerabilities > CVE-2024-8494 - Unspecified vulnerability in Elementor Website Builder

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

elementor

NVD

Published: 2025-01-30

Updated: 2025-01-30

Summary

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.

Vulnerable Configurations

Part	Description	Count
Application	Elementor Elementor Website Builder *	1

References

https://elementor.com/
https://www.wordfence.com/threat-intel/vulnerabilities/id/94ada60f-1e20-454e-a9d7-7849be764d81?source=cve