CVE-2024-12062

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12062
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/charity-addon-for-elementor/trunk/elementor/lib/lib.php#L12 Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nicheaddons:charity_addon_for_elementor:*:*:*:*:*:wordpress:*:*
History

08 Apr 2026, 18:19

Type Values Removed Values Added
Summary (en) The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. (en) The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

27 Mar 2025, 16:16

Type Values Removed Values Added
Summary
  • (es) El complemento Charity Addon para Elementor para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 1.3.2 incluida a través del código abreviado 'nacharity_elementor_template' debido a restricciones insuficientes sobre qué publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores creadas por Elementor a las que no deberían tener acceso.
References () https://plugins.trac.wordpress.org/browser/charity-addon-for-elementor/trunk/elementor/lib/lib.php#L12 - () https://plugins.trac.wordpress.org/browser/charity-addon-for-elementor/trunk/elementor/lib/lib.php#L12 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=cve - Third Party Advisory
CPE cpe:2.3:a:nicheaddons:charity_addon_for_elementor:*:*:*:*:*:wordpress:*:*
First Time Nicheaddons
Nicheaddons charity Addon For Elementor

03 Dec 2024, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-03 10:15

Updated : 2026-04-08 18:19

NVD link : CVE-2024-12062

Mitre link : CVE-2024-12062

CVE.ORG link : CVE-2024-12062

JSON object : View

Products Affected

nicheaddons

  • charity_addon_for_elementor
CWE
CWE-639

Authorization Bypass Through User-Controlled Key