WordPress Plugin Vulnerabilities

Piotnet Addons For Elementor < 2.4.30 - Unauthenticated Sensitive Information Exposure

Description

The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts.

Affects Plugins

Plugin icon
piotnet-addons-for-elementor
Fixed in 2.4.30

References

CVE
CVE-2024-5614
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2880cde0-a278-4a41-97f7-c54c2b3aceb2

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Webbernaut
Verified
No
WPVDB ID
6ce3ea34-917d-40c7-81e9-9edc67ce797c

Timeline

Publicly Published
2024-07-26 (about 1 year ago)
Added
2024-07-26 (about 1 year ago)
Last Updated
2024-07-27 (about 1 year ago)

Other

Published
Title
Published
2026-06-10
Title
Digital Signature Add-on for WooCommerce < 2.0.1 - Unauthenticated Information Exposure
Published
2025-08-28
Title
Elementor Addon Elements < 1.14.5 - Authenticated (Contributor+) Information Exposure
Published
2024-12-16
Title
PPWP – Password Protect Pages < 1.9.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2025-09-22
Title
Quiz Maker < 6.7.0.66 - Unauthenticated Sensitive Information Exposure
Published
2025-09-29
Title
Upload.am < 1.0.1 - Contributor+ Arbitrary Option Update