2 matches found
WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection
Software Xpro Elementor Addons Type Plugin Vulnerable versions = 1.4.3.1 Fixed in 1.4.3.2 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-4471 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID db21342544db Credits Francesco Carlucci Required privile...
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'exportcontent' function. This allows authenticated attackers, with contributor-level permissions and...