CVE-2024-2966

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 11, 2024

CWE ID 1393

Summary

CVE-2024-2966 is a newly identified vulnerability affecting the Element Pack Elementor Addons plugin for WordPress. The issue lies within the 'element_pack_ajax_search' function, which is susceptible to Sensitive Information Exposure. This vulnerability allows unauthenticated attackers to access sensitive data, including password-protected post details. Versions up to and including 5.5.6 are reportedly affected, posing a significant risk to WordPress sites using this plugin. It is crucial for users to update their plugins to the latest, secure version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vCAipA
https://www.cve.org/CVERecord?id=CVE-2024-2966
https://nvd.nist.gov/vuln/detail/CVE-2024-2966

Back to Vulnerability Database

CVE-2024-2966

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations