VYPR
Unrated severityNVD Advisory· Published Dec 12, 2024· Updated Apr 8, 2026

ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read

CVE-2024-12059

Description

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.