Lucene search

PatchstackCVELIST:CVE-2024-38730

HistoryJul 22, 2024 - 10:21 a.m.

CVE-2024-38730 WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability

2024-07-2210:21:34

CWE-918

Patchstack

www.cve.org

wordpress

magical addons

ssrf

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

Percentile

14.6%

JSON

Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "magical-addons-for-elementor",
    "product": "Magical Addons For Elementor",
    "vendor": "Noor alam",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.42",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.41",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/magical-addons-for-elementor/wordpress-magical-addons-for-elementor-plugin-1-1-40-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS

Percentile

14.6%

JSON

Related for CVELIST:CVE-2024-38730