Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-12-06 CVE-2024-10689 The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-06 CVE-2024-10692 The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-05 CVE-2024-10777 The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-04 CVE-2024-10787 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-04 CVE-2024-12099 The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-12-03 CVE-2024-12062 The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10670 The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10780 The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-28 CVE-2024-10798 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
2024-11-23 CVE-2024-10868 The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3