cleantalk

Vulnerabilities and Security Researches

Security report for CVE Hash Elements > CVE-2024-10802

CVE, Research URL

CVE-2024-10802

Home page URL

Security reports for Hash Elements

Application

Hash Elements

Published on
Nov 13, 2024
Research Description
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.
Affected versions
Min -, max 1.4.8.
Status
vulnerable
Previous vulnerability researches
Hash Elements (CVE-2024-30426) , Jun 07, 2024
Hash Elements (CVE-2024-5177) , Jun 07, 2024
Hash Elements (CVE-2024-10802) , Nov 14, 2024
Hash Elements (CVE-2025-22296) , Jan 09, 2025
New vulnerability
Booking Calendar Contact Form (CVE-2025-24723) , Jan 26, 2025
Premium Packages – Sell Digital Products Securely (CVE-2025-24659) , Jan 26, 2025
Super block slider – Responsive image & content slider (CVE-2025-24682) , Jan 26, 2025
shMapper by Teplitsa (CVE-2025-24674) , Jan 26, 2025
Modal Window – create popup modal window (CVE-2025-24717) , Jan 26, 2025