CVE-2024-13832

low-risk
Published 2025-02-28

The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.

Do I need to act?

-
0.10% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Ultra Addons Lite For Elementor

Affected Vendors

Uncodethemes

References (3)

Product https://plugins.trac.wordpress.org/browser/ut-elementor-addons-lite/trunk/includ...
https://plugins.trac.wordpress.org/changeset/3258158/ut-elementor-addons-lite/tr...
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/476883a8-c258-477b-99d...
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal