Elementor Addon Elements < 1.13.9 – Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections | CVE 2024-8902 | Plugin Vulnerabilities

Description

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

Affects Plugins

addon-elements-for-elementor-page-builder

Fixed in 1.13.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7317ecf5-d43d-4080-ad2a-7644764dd41e

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Ankit Patel

Verified

No

WPVDB ID

6364f709-49a7-4a06-8eb5-68d9c28bbe07

Timeline

Publicly Published

2024-10-11 (about 1 year ago)

Added

2024-10-11 (about 1 year ago)

Last Updated

2024-10-12 (about 1 year ago)

Other

Published

Title

Published

2024-04-09

Title

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files

Published

2025-12-08

Title

Custom Field Template < 2.7.7 - Authenticated (Subscriber+) Information Exposure

Published

2025-01-24

Title

WooCommerce Quick View < 1.1.3 - Unauthenticated Information Disclosure

Published

2024-05-03

Title

SEOPress < 7.7 - Information Exposure

Published

2025-01-13

Title

Event monster < 1.4.4 - Information Exposure Via Visitors List Export