CVE-2024-13217: 
WordPress vulnerability analysis and mitigation

The Jeg Elementor Kit plugin for WordPress (CVE-2024-13217) contains a Sensitive Information Exposure vulnerability affecting all versions up to and including 2.6.11. The vulnerability was discovered by researcher Ankit Patel and was publicly disclosed on February 26, 2025. The issue resides in the 'expireddata' and 'buildcontent' functions of the plugin (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The weakness is categorized as CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). The vulnerability specifically affects the countdown and off-canvas components of the plugin (Wordfence).

The vulnerability allows authenticated attackers with Contributor-level access or higher to extract sensitive private information, including pending, scheduled, and draft template data from the WordPress installation (NVD).

Users should update their Jeg Elementor Kit plugin to a version newer than 2.6.11 when available. The vulnerability has been documented in the WordPress plugin repository, indicating awareness of the issue (WordPress).