[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5qaycuf8WKrDjuJzuQ87wa6mWWo1xglYFR9DGhTyVnw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-0443","anywhere-elementor-sensitive-information-exposure","AnyWhere Elementor \u003C= 1.2.7 - Sensitive Information Exposure","The AnyWhere Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.7 via the wpv_ae. This allowed anyone able to view the plugin repo to view a Freemius API Secret Key allowing them to purchase Freemius Pro using fake credit card numbers. The API Key has been revoked at this time. Note that this vulnerability does not directly impact WordPress sites.","anywhere-elementor",null,"\u003C=1.2.7","1.2.8","high",8.6,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2023-05-02 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5782439f-a546-45f6-aec7-e600442d3c41?source=api-prod",266]