CVE-2024-3733: 
WordPress vulnerability analysis and mitigation

The Essential Addons for Elementor WordPress plugin (versions up to and including 5.9.15) contains a Sensitive Information Exposure vulnerability identified as CVE-2024-3733. The vulnerability affects the ajax_load_more(), eael_woo_pagination_product_ajax(), and ajax_eael_product_gallery() functions, allowing unauthenticated attackers to extract posts that may be in private or draft status (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality. The weakness has been categorized as CWE-922 (Insecure Storage of Sensitive Information) (NVD).

The vulnerability allows unauthorized access to private and draft posts within WordPress installations using the affected plugin. This could lead to the exposure of sensitive or unpublished content that was intended to remain private (NVD).

Users should update to version 5.9.16 or later of the Essential Addons for Elementor plugin, which contains the security fix for this vulnerability. The patch has been documented in the WordPress plugin repository (WordPress Plugin).