Lucene search

MitreCVELIST:CVE-2020-13125

HistoryMay 17, 2020 - 12:39 a.m.

CVE-2020-13125

2020-05-1700:39:00

mitre

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

An issue was discovered in the “Ultimate Addons for Elementor” plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

References

wpvulndb.com/vulnerabilities/10214

www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.2%

JSON

Related for CVELIST:CVE-2020-13125