cleantalk
Vulnerabilities and Security Researches

Piotnet Addons For Elementor, CVE-2024-10775

CVE, Research URL

CVE-2024-10775

Home page URL

Security reports for Piotnet Addons For Elementor

Application

Piotnet Addons For Elementor

Published on
Jan 15, 2025
Research Description
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
Affected versions
Min -, max 2.4.33.
Status
vulnerable
Previous vulnerability researches
Piotnet Addons For Elementor (CVE-2024-5614) , Jul 28, 2024
Piotnet Addons For Elementor (CVE-2024-5502) , Aug 24, 2024
Piotnet Addons For Elementor (CVE-2024-9673) , Jan 08, 2025
Piotnet Addons For Elementor (CVE-2024-4262) , Jun 07, 2024
Piotnet Addons For Elementor (CVE-2024-29934) , Jun 07, 2024
New vulnerability
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025
Cart66 Cloud :: WordPress Ecommerce The Easy Way (CVE-2025-32653) , Apr 17, 2025
C9 Blocks (CVE-2025-26951) , Apr 17, 2025
Widget for Social Page Feeds (CVE-2024-13207) , Apr 17, 2025
WP User Profiles (CVE-2025-31524) , Apr 17, 2025