CVE-2024-6757

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts.

Published: Oct 15, 2024
Updated: Jun 30, 2025
CVE: CVE-2024-6757
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
elementor / website_builder	-	3.24.6
Elementor Website Builder	-	3.24.6

https://plugins.trac.wordpress.org/browser/elementor/tags/3.23.0/includes/controls/media.php#L413
https://www.wordfence.com/threat-intel/vulnerabilities/id/96fa9ed7-6c13-4356-8a25-8a309be2b0e9
https://www.wordfence.com/threat-intel/vulnerabilities/id/96fa9ed7-6c13-4356-8a25-8a309be2b0e9?source=cve

Vulnerability Database

289,697

CVE-2024-6757