Security Advisory

CVE-2021-24948

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-10 15:30:31

Last updated 2024-08-03 19:49:14

Assigner WPScan

State PUBLISHED

Description

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

← Browse all CVEs View on cve.org ↗