cleantalk
Vulnerabilities and Security Researches

Attesa Extra, CVE-2024-10688

CVE, Research URL

CVE-2024-10688

Home page URL

Security reports for Attesa Extra

Application

Attesa Extra

Published on
Nov 09, 2024
Research Description
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
Attesa Extra (CVE-2025-62971) , Nov 11, 2025
Attesa Extra (CVE-2024-32594) , Jun 07, 2024
Attesa Extra (CVE-2024-10688) , Nov 10, 2024
New vulnerability
Master Blocks – Ultimate Gutenberg Blocks for Marketers (CVE-2025-10896) , Nov 11, 2025
Reuse Builder (CVE-2025-11812) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-11823) , Nov 11, 2025
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) (CVE-2025-12493) , Nov 11, 2025
Gravity Forms Google Sheet Connector (CVE-2025-8606) , Nov 11, 2025