Stratum – Elementor Widgets < 1.4.5 – Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | CVE 2024-10316 | Plugin Vulnerabilities

Description

The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Affects Plugins

Fixed in 1.4.5

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0a1cf60b-47bd-4e67-8fe4-6cf46809f2b2

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Ankit Patel

Verified

No

WPVDB ID

3ec341de-3c0d-4e2a-9d43-bee6f89b108d

Timeline

Publicly Published

2024-11-20 (about 1 year ago)

Added

2024-11-20 (about 1 year ago)

Last Updated

2024-11-21 (about 1 year ago)

Other

Published

Title

Published

2019-11-12

Title

WP Slacksync < 1.8.6 - Slack Access Token Disclosure

Published

2026-02-22

Title

WoodMart < 8.4.0 - Unauthenticated Sensitive Information Exposure

Published

2024-07-04

Title

Simple Job Board < 2.12.6 - Unauthenticated Resumes Download

Published

2023-11-30

Title

Backup Migration < 1.3.7 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure

Published

2025-05-07

Title

Mail Mint < 1.17.8 - Unauthenticated Sensitive Information Exposure