258 matches found
CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
CVE-2020-13125
The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (
PT-2020-13342
Name of the Vulnerable Software and Affected Versions Ultimate Addons for Elementor plugin versions prior to 1.24.2 Description An issue in the Ultimate Addons for Elementor plugin allows unauthenticated attackers to create users with the Subscriber role, even when registration is disabled. This...
VulnCheck KEV: CVE-2020-13125
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...
Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
According to Jerome Bruandet, from NintechNet, the vulnerability, currently exploited by attackers, allows any logged-in user to upload and execute PHP scripts on the blog. Chloe Chamberland from Wordfence also confirmed the issue and added that "This vulnerability is being used in conjunction wi...
Ultimate Addons for Elementor < 1.24.2 - Registration Bypass
"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site." This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO...
Gutenberg Blocks - Ultimate Addons for Gutenberg < 1.14.8 - Authenticated Settings Change
The Gutenberg Blocks – Ultimate Addons for Gutenberg WordPress plugin was affected by an Ultimate Addons for Gutenberg 1.14.8 - Authenticated Settings Change security vulnerability...
200K WordPress Sites Vulnerable to Plugin Flaw
A high-severity vulnerability exists in a popular WordPress plugin, potentially opening up 200,000 websites to takeover. The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the...
WordPress Ultimate Addons for Beaver Builder <= 1.24.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered in WordPress Ultimate Addons for Beaver Builder versions = 1.24.3. Solution Update the WordPress Ultimate Addons for Beaver Builder to the latest available version at least 1.25.0...
Wordpress Ultimate Addons for Beaver Builder Authentication Bypass Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. An authentication bypass vulnerability exists in Wordpress Ultimate Addons for Beaver...
WordPress Ultimate Addons For Beaver Builder 1.2.4.1 Authentication Bypass
Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version: Ultimate Addons for Beaver Builder | || | |/| / /| / //\ | /|//|||| / / / /...
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version:...
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version: Ultimate Addons for Beaver Builder | || |...
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version: Ultimate Addons for Beaver Builder | || | |/| / /| / //\ | /|//|||| / / / /...
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder ," or "Ultimate Addons for Elementor " and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...
WordPress Ultimate Addons for Elementor plugin <= 1.20.0 - Authentication Bypass vulnerability
Authentication Bypass vulnerability found by MalCare in WordPress Ultimate Addons for Elementor plugin versions = 1.20.0. Solution Update the WordPress Ultimate Addons for Elementor plugin to the latest available version at least 1.20.1...
WordPress Ultimate Addons for Beaver Builder plugin <= 1.24.0 - Authentication Bypass vulnerability
Authentication Bypass vulnerability found by MalCare in WordPress Ultimate Addons for Beaver Builder plugin versions = 1.24.0. Solution Update the WordPress Ultimate Addons for Beaver Builder plugin to the latest available version at least 1.24.1...
Wordpress Crash Ultimate Addons for Visual Composer Vulnerability
Exploit for php platform in category web applications / + Exploit Title : Wordpress Crash Ultimate Addons for Visual Composer vulnerability + Exploit Author : Ashiyane Digital Security Team + Tested on : Windows - Firefox + Vendor Homepage :...