Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-10696

The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the contents of draft, private, and pending posts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2024-10696


Contact Us

Shodan ® - All rights reserved