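Vulnerability Title
Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
Vulnerability Description
The Elementor Website Builder Pro plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.
CVSS Information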
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Category
Information Exposure
Vulnerability Title
Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
Vulnerability Description
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Category
Information Exposure