CVE-2024-2974

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-922
View all →

Vulnerability Description

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 5.9.13 via the load_more function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts.

Related Vulnerabilities

CVE-2018-20886

MEDIUM
CVSS:5.3(Medium)

cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).

CWE-9222018

CVE-2019-14957

MEDIUM
CVSS:5.3(Medium)

The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vim_settings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository.

CWE-9222019

CVE-2019-4549

MEDIUM
CVSS:5.3(Medium)

IBM Security Directory Server 6.4.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 165951.

CWE-9222019

CVE-2020-13937

MEDIUM
CVSS:5.3(Medium)

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3...

CWE-9222020

CVE-2022-32833

MEDIUM
CVSS:5.3(Medium)

An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to acce...

CWE-9222022

CVE-2023-37521

MEDIUM
CVSS:5.3(Medium)

HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string which could allow an attacker to execute a malicious attack.

CWE-9222023