How severe is CVE-2024-8978?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2024-8978?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-8978 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.

Related Vulnerabilities

CVE-2012-1994

MEDIUM

CVSS:5.7(Medium)

HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

CWE-2002012

CVE-2016-3037

MEDIUM

CVSS:5.7(Medium)

IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X...

CWE-2002016

CVE-2016-5602

MEDIUM

CVSS:5.7(Medium)

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect...

CWE-2002016

CVE-2017-1214

MEDIUM

CVSS:5.7(Medium)

IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854.

CWE-2002017

CVE-2017-20101

MEDIUM

CVSS:5.7(Medium)

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file ...

CWE-2002017

CVE-2017-3292

MEDIUM

CVSS:5.7(Medium)

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploi...

CWE-2002017