WordPress Plugin Vulnerabilities

Exclusive Addons Elementor < 2.6.9.2 - Missing Authorization to Post Duplication

Description

The Exclusive Addons Elementor plugin for WordPress is vulnerable to unauthorized access of datadue to an insufficient capability check on the duplicate_post() function in versions up to, and including, 2.6.9.1. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate other users posts which can lead to information disclosure for private posts.

Affects Plugins

Plugin icon
exclusive-addons-for-elementor
Fixed in 2.6.9.2

References

CVE
CVE-2024-33914
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/eae9b960-36b1-4b83-855a-d1beaa60a93f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Khalid
Verified
No
WPVDB ID
69cf5994-c0ea-423b-bcf5-e59d858b84da

Timeline

Publicly Published
2024-04-29 (about 1 year ago)
Added
2024-05-07 (about 1 year ago)
Last Updated
2024-05-07 (about 1 year ago)

Other

Published
Title
Published
2023-08-29
Title
Site Reviews < 6.10.3 - Missing Authorization
Published
2026-01-11
Title
Live sales notification for WooCommerce <= 2.3.47 - Missing Authorization
Published
2025-07-29
Title
Bookify < 1.0.10 - Authenticated (Subscriber+) Privilege Escalation
Published
2024-09-24
Title
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. < 3.8.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-10-28
Title
Elastic Email Sender < 1.2.21 - Missing Authorization