The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
                
            References
                    | Link | Resource | 
|---|---|
| https://wordpress.org/plugins/cowidgets-elementor-addons/ | Product | 
| https://www.wordfence.com/threat-intel/vulnerabilities/id/ec005f9f-3f63-4d73-9bd5-dc9c4c4b8bfe?source=cve | Third Party Advisory | 
Configurations
                    History
                    29 Jan 2025, 20:07
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | Codeless Codeless cowidgets Elementor Addons | |
| CPE | cpe:2.3:a:codeless:cowidgets_elementor_addons:*:*:*:*:*:wordpress:*:* | |
| References | () https://wordpress.org/plugins/cowidgets-elementor-addons/ - Product | |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ec005f9f-3f63-4d73-9bd5-dc9c4c4b8bfe?source=cve - Third Party Advisory | 
Information
                Published : 2024-11-09 03:15
Updated : 2025-01-29 20:07
NVD link : CVE-2024-10779
Mitre link : CVE-2024-10779
CVE.ORG link : CVE-2024-10779
JSON object : View
Products Affected
                codeless
- cowidgets_elementor_addons
CWE
                
                    
                        
                        CWE-639
                        
            Authorization Bypass Through User-Controlled Key
