{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T12:49:22.008","vulnerabilities":[{"cve":{"id":"CVE-2024-12140","sourceIdentifier":"security@wordfence.com","published":"2025-01-07T05:15:14.730","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to."},{"lang":"es","value":"El complemento Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 2.2.1 incluida a través de la función de renderizado debido a restricciones insuficientes sobre qué plantillas se pueden incluir. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de plantillas privadas o borradores a los que no deberían tener acceso."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/accordion.php#L958","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-addons-for-elementor/tags/2.2.1/includes/widgets/tab.php#L905","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve","source":"security@wordfence.com"}]}}]}