Lucene search

[email protected]NVD:CVE-2024-6824

HistoryAug 08, 2024 - 6:15 a.m.

CVE-2024-6824

2024-08-0806:15:41

CWE-862

[email protected]

web.nvd.nist.gov

wordpress

premium addons

elementor

vulnerability

unauthorized modification

data loss

capability check

cve-2024-6824

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘check_temp_validity’ and ‘update_template_title’ functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.

References

plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/addons-integration.php#L159

plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/addons-integration.php#L184

plugins.trac.wordpress.org/changeset/3131564/

www.wordfence.com/threat-intel/vulnerabilities/id/b2840b9e-1baf-460c-ba11-43e4279ece27?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

Related for NVD:CVE-2024-6824

cvelist1 cve1 vulnrichment1 wordfence1