Vulnerability Description
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Leevio | Happy Addons For Elementor | <= 3.10.4 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/Product
- https://plugins.trac.wordpress.org/changeset/3064385/happy-elementor-addons/trunPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aff10d5a-a2d0-461a-b52Third Party Advisory
- https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/Product
- https://plugins.trac.wordpress.org/changeset/3064385/happy-elementor-addons/trunPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aff10d5a-a2d0-461a-b52Third Party Advisory
FAQ
What is CVE-2024-1387?
CVE-2024-1387 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and includin...
How severe is CVE-2024-1387?
CVE-2024-1387 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1387?
Check the references section above for vendor advisories and patch information. Affected products include: Leevio Happy Addons For Elementor.