CVE-2024-12059: CWE-639 Authorization Bypass Through User-Controlled Key in elementinvader ElementInvader Addons for Elementor
CVE-2024-12059 is a medium severity vulnerability in the ElementInvader Addons for Elementor WordPress plugin, affecting all versions up to 1.3.1. It allows authenticated users with Contributor-level access or higher to exploit the eli_option_value shortcode to extract arbitrary data from the wp_options database table. This vulnerability is classified as an authorization bypass via a user-controlled key, leading to sensitive information exposure without requiring user interaction. Although it does not impact integrity or availability, the exposure of sensitive configuration data can aid attackers in further attacks. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize updating or applying mitigations to prevent unauthorized data disclosure. The threat primarily affects WordPress sites globally, especially those with Contributor-level user roles enabled. Given the plugin's usage patterns, countries with high WordPress adoption and active web development communities are at greater risk.
AI Analysis
Technical Summary
CVE-2024-12059 is a vulnerability identified in the ElementInvader Addons for Elementor plugin for WordPress, affecting all versions up to and including 1.3.1. The flaw arises from improper authorization checks in the eli_option_value shortcode, which allows authenticated users with Contributor-level privileges or higher to retrieve arbitrary option values from the wp_options table. This table typically stores critical site configuration and plugin settings, which can include sensitive information such as API keys, tokens, or other secrets. The vulnerability is categorized under CWE-639 (Authorization Bypass Through User-Controlled Key), indicating that the plugin fails to properly restrict access to sensitive data based on user permissions: the option name is taken from the shortcode's user-supplied attribute and used as a lookup key without an allow-list or capability check. Exploitation requires no user interaction beyond authentication at the Contributor level, making it relatively easy for insiders or compromised accounts with limited privileges to escalate their information access. The CVSS v3.1 base score is 4.3 (medium), reflecting the network attack vector, low complexity, and limited impact confined to confidentiality without affecting integrity or availability. No patches or exploits are currently publicly available, but the exposure of sensitive options can facilitate further attacks such as privilege escalation or targeted exploitation of other vulnerabilities. The vulnerability affects a widely used WordPress plugin, increasing the potential attack surface for websites using this addon for the Elementor page builder.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of sensitive configuration data stored in the WordPress wp_options table. Attackers with Contributor-level access can extract arbitrary options, potentially revealing API keys, authentication tokens, or other secrets that could be leveraged for further compromise. While the vulnerability does not directly affect data integrity or site availability, the exposure of sensitive information can lead to secondary attacks such as privilege escalation, lateral movement, or targeted exploitation of other vulnerabilities. Organizations relying on this plugin risk data leakage that could undermine their security posture and lead to reputational damage. Since Contributor-level access is relatively low privilege, this vulnerability expands the threat surface to a broader set of users, including potentially compromised accounts or malicious insiders. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future exploitation once the vulnerability becomes widely known.
Mitigation Recommendations
To mitigate this vulnerability, organizations should first verify if they are running any version of the ElementInvader Addons for Elementor plugin up to 1.3.1 and plan to update to a patched version once available. In the absence of an official patch, administrators should restrict Contributor-level user permissions to trusted individuals only and audit existing user roles to minimize exposure. Disabling or removing the eli_option_value shortcode functionality temporarily can prevent exploitation. Additionally, monitoring access logs for unusual activity involving this shortcode or wp_options table queries can help detect exploitation attempts. Implementing web application firewalls (WAFs) with custom rules to block unauthorized access to the shortcode or suspicious parameter usage may provide interim protection. Regularly reviewing and minimizing sensitive data stored in wp_options can reduce the impact of potential leaks. Finally, educating users about the risks of privilege misuse and enforcing strong authentication controls will further reduce the likelihood of exploitation.
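The interim gating and log monitoring recommended above, as an added example that is not the plugin's own code: a must-use plugin that re-registers eli_option_value so only allow-listed option names are ever resolved, and records every refused attempt (post, author, viewer) for log review. Assumptions, to confirm against the installed plugin source: the option name arrives in an attribute called `option`, the plugin registers its shortcode on `init`, and `blogname`/`blogdescription` are the only options your pages legitimately display.

```php
<?php
/**
 * Plugin Name: Interim allow-list for the eli_option_value shortcode
 * Description: Drop into wp-content/mu-plugins/ until ElementInvader Addons
 * for Elementor is updated past 1.3.1. Added example, not the plugin's code.
 */

// Assumption: the only options your pages legitimately render. Everything
// else in wp_options is refused, which is the fix for a user-controlled key.
const ELI_GUARD_ALLOWED_OPTIONS = array( 'blogname', 'blogdescription' );

// Assumption: the plugin names the option in an attribute called "option".
// If the real attribute differs, $name is empty and every use is refused
// (fail closed), which is acceptable for an interim guard.
const ELI_GUARD_OPTION_ATTR = 'option';

/**
 * Gated replacement for the shortcode: returns the option value only when
 * its name is allow-listed, otherwise renders nothing and logs the attempt.
 */
function eli_guard_shortcode( $atts ) {
    $atts = shortcode_atts( array( ELI_GUARD_OPTION_ATTR => '' ), (array) $atts, 'eli_option_value' );
    $name = (string) $atts[ ELI_GUARD_OPTION_ATTR ];

    if ( ! in_array( $name, ELI_GUARD_ALLOWED_OPTIONS, true ) ) {
        // Post ID and author identify who embedded the shortcode (e.g. a
        // Contributor's pending post); the option value itself is never logged.
        $post = get_post();
        error_log( sprintf(
            'eli_option_value refused: option=%s post=%d author=%d viewer=%d',
            $name,
            $post ? (int) $post->ID : 0,
            $post ? (int) $post->post_author : 0,
            get_current_user_id()
        ) );
        return '';
    }

    $value = get_option( $name, '' );
    return is_scalar( $value ) ? esc_html( (string) $value ) : '';
}

/**
 * Replace the plugin's handler after it has registered. Assumption: it does
 * so on 'init'; if it registers on a later hook, move this to that hook.
 */
function eli_guard_install() {
    remove_shortcode( 'eli_option_value' );
    add_shortcode( 'eli_option_value', 'eli_guard_shortcode' );
}
add_action( 'init', 'eli_guard_install', PHP_INT_MAX );
```

Each refused lookup appears in the PHP error log as a single `eli_option_value refused:` line, so a simple grep on that prefix gives the detection feed the recommendations call for.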
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, India, Brazil, France, Netherlands, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-12-02T20:36:46.562Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e2bb7ef31ef0b5972c1
Added to database: 2/25/2026, 9:48:27 PM
Last enriched: 2/26/2026, 6:46:38 AM
Last updated: 2/26/2026, 7:47:11 AM