Vulnerability Description
The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/builder-shortcode-extras/tags/1.0.0/i
- https://www.wordfence.com/threat-intel/vulnerabilities/id/642dc1d3-a008-4af8-ba9
FAQ
What is CVE-2024-13841?
CVE-2024-13841 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elem...
How severe is CVE-2024-13841?
CVE-2024-13841 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-13841?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.