[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fId-iwUIson5MP2BAV8YwqrXgLXYhmUSoqmP11e6plnA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-13855","prime-addons-for-elementor-authenticated-contributor-insecure-direct-object-reference-via-paeglobalblock-shortcode","Prime Addons for Elementor \u003C= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode","The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only.","prime-addons-for-elementor",null,"\u003C=2.0.1","2.0.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Improper Access Control","2025-02-19 21:08:18","2025-03-13 19:48:15",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fac5012f2-3518-41c0-befe-597008f22152?source=api-prod",22]