WordPress Plugin Vulnerabilities

Royal Elementor Addons and Templates < 1.3.987 - Authenticated (Subscriber+) Private Post Disclosure

Description

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.

Affects Plugins

Plugin icon
royal-elementor-addons
Fixed in 1.3.987

References

CVE
CVE-2024-7417
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
stealthcopter
Verified
No
WPVDB ID
72d94228-6157-4fcb-ac92-e356d3c4f19c

Timeline

Publicly Published
2024-10-16 (about 1 year ago)
Added
2024-10-16 (about 1 year ago)
Last Updated
2024-10-17 (about 1 year ago)

Other

Published
Title
Published
2024-08-12
Title
Order Export for WooCommerce < 3.24 - Unauthenticated Sensitive Information Exposure
Published
2025-07-23
Title
AI Engine < 2.9.5 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
Published
2024-06-24
Title
WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
Published
2021-11-29
Title
CorreosExpress <= 2.6.0 - Sensitive Information Disclosure
Published
2025-11-12
Title
Passster < 4.2.20 - Unauthenticated Information Exposure