Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:CF2BD6AA-4211-4C2E-BFA2-6C8A6A3B02D0
HistoryFeb 06, 2024 - 12:00 a.m.

Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions

2024-02-0600:00:00
wpscan.com
13
wordpress
elementor
unauthorized access

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the add_row_actions() function in versions up to, and including, 3.10.1. This makes it possible for authenticated attackers, with contributor-level access and above, to clone arbitrary posts, including password protected posts which may allow them to access the restricted posts content.

CPENameOperatorVersion
eq3.10.2

Related

nvd 1
cve 1
cvelist 1
wordfence 1
nvd
nvd
CVE-2024-24833
2024-05-08 14:15:07
cve
cve
CVE-2024-24833
2024-05-08 14:15:07
cvelist
cvelist
CVE-2024-24833 WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability
2024-05-08 13:28:22
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
2024-02-08 14:49:08

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for WPVDB-ID:CF2BD6AA-4211-4C2E-BFA2-6C8A6A3B02D0
nvd1cve1cvelist1wordfence1