Get Started

WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin

by the Hossted team
19.02.2025

In Education Addon for Elementor plugin for WordPress versions 1.3.1 and prior a medium severity vulnerability CVE-2024-13854 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to extract information from non-public posts created with Elementor via the naedu_elementor_template shortcode, due to missing validation on a user-controlled key. Currently, there is no fix version for that issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13854.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR