cleantalk
Vulnerabilities and Security Researches

Elementor Header & Footer Builder, CVE-2024-10050

CVE, Research URL

CVE-2024-10050

Home page URL

Security reports for Elementor Header & Footer Builder

Application

Elementor Header & Footer Builder

Published on
Oct 24, 2024
Research Description
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.
Affected versions
Min -, max 1.6.44.
Status
vulnerable
Previous vulnerability researches
Elementor Header & Footer Builder (CVE-2024-11230) , Dec 24, 2024
Elementor Header & Footer Builder (CVE-2024-10325) , Nov 09, 2024
Elementor Header & Footer Builder (CVE-2024-10050) , Oct 25, 2024
Elementor Header & Footer Builder (CVE-2025-8488) , Aug 02, 2025
Elementor Header & Footer Builder (CVE-2024-33933) , Jul 05, 2024
New vulnerability
Google Map Targeting (CVE-2025-52732) , Aug 04, 2025
WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin (CVE-2025-8152) , Aug 04, 2025
One Click Demo Import , Aug 04, 2025
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025