{ "id": "CVE-2024-1387", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:16.683", "lastModified": "2025-01-07T18:19:26.400", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure." }, { "lang": "es", "value": "El complemento Happy Addons for Elementor para WordPress es vulnerable al acceso no autorizado a los datos debido a una autorizaci\u00f3n insuficiente en la funci\u00f3n duplicate_thing() en todas las versiones hasta la 3.10.4 incluida. Esto hace posible que los atacantes, con acceso de nivel de colaborador y superior, clonen publicaciones arbitrarias (incluidas las privadas y protegidas con contrase\u00f1a), lo que puede provocar la exposici\u00f3n de la informaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ { "source": "security@wordfence.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-862" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:leevio:happy_addons_for_elementor:*:*:*:*:free:wordpress:*:*", "versionEndIncluding": "3.10.4", "matchCriteriaId": "D3E2E168-2D04-4D21-82B1-70D18E6D3393" } ] } ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/clone-handler.php#L58", "source": "security@wordfence.com", "tags": [ "Product" ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3064385/happy-elementor-addons/trunk/classes/clone-handler.php?contextall=1&old=3044937&old_path=%2Fhappy-elementor-addons%2Ftrunk%2Fclasses%2Fclone-handler.php", "source": "security@wordfence.com", "tags": [ "Patch" ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aff10d5a-a2d0-461a-b52b-a25b647eaab4?source=cve", "source": "security@wordfence.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/classes/clone-handler.php#L58", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3064385/happy-elementor-addons/trunk/classes/clone-handler.php?contextall=1&old=3044937&old_path=%2Fhappy-elementor-addons%2Ftrunk%2Fclasses%2Fclone-handler.php", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aff10d5a-a2d0-461a-b52b-a25b647eaab4?source=cve", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }