PT-2024-19206 · WordPress · The Plus Addons For Elementor

🗓️ 26 Mar 2024 00:00:00Reported by Positive TechnologiesType

Authenticated contributors can trigger Local File Inclusion via the Team Member Listing in Plus Addons Elementor on WordPress up to 5.4.1 to run PHP.

Reporter	Title	Published	Views	Family All 10
CNNVD	WordPress Plugin The Plus Addons for Elementor 安全漏洞	27 Mar 202400:00	–	cnnvd
CVE	CVE-2024-2210	27 Mar 202401:56	–	cve
Cvelist	CVE-2024-2210 The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing	27 Mar 202401:56	–	cvelist
EUVD	EUVD-2024-27169	3 Oct 202520:07	–	euvd
NVD	CVE-2024-2210	27 Mar 202403:15	–	nvd
Patchstack	WordPress The Plus Addons for Elementor plugin <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing vulnerability	2 Feb 202619:22	–	patchstack
RedhatCVE	CVE-2024-2210	7 Jan 202609:15	–	redhatcve
Vulnrichment	CVE-2024-2210 The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing	27 Mar 202401:56	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)	4 Apr 202417:35	–	wordfence
WPVulnDB	The Plus Addons for Elementor < 5.4.2 - Contributor+ LFI	26 Mar 202400:00	–	wpvulndb

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-2210
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
twitter	www.twitter.com/CVEnew/status/1772815179652514027

27 Mar 2024 00:00Current

9.9High risk

Vulners AI Score9.9

CVSS 3.16.4

EPSS0.00157

SSVC