2 matches found
CVE-2020-7055
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive...
CVE-2020-7055
Elementor 2.7.4 is vulnerable to an arbitrary file upload in the Import Templates feature, enabling code execution via a crafted ZIP archive. Root cause: the Import Templates handler accepts ZIPs that can place executable PHP files on the server. Affected product: WordPress Elementor plugin (vers...