Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High0
Medium2
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2024-12-05

CVE-2024-10777 - Anywhere Elementor Plugin

The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

PLUGIN Anywhere Elementor

CVE-2024-10777

MEDIUM CVSS 4.3 2024-12-05
Open Full Technical Breakdown
Threat Entry Updated 2025-01-10

CVE-2023-0443 - Anywhere Elementor Plugin

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

PLUGIN Anywhere Elementor

CVE-2023-0443

MEDIUM CVSS 5.3 2023-05-30
Open Full Technical Breakdown
Scroll to top