Vulnerabilities > CVE-2024-9541 - Unspecified vulnerability in Blazethemes News KIT Elementor Addons

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

blazethemes

NVD

Published: 2024-10-22

Updated: 2024-10-25

Summary

The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.

Vulnerable Configurations

Part	Description	Count
Application	Blazethemes Blazethemes News KIT Elementor Addons *	1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/ffc5408c-ca31-4cb6-8cb5-063acbbad01e?source=cve
https://plugins.trac.wordpress.org/changeset/3169975/news-kit-elementor-addons