28 matches found
VulnCheck KEV: CVE-2024-4346
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
CVE-2024-4346
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
CVE-2024-4345
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attacke...
CVE-2024-5153
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...
CVE-2024-5153
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...
CVE-2024-5153 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...
CVE-2024-5153
CVE-2024-5153 affects Startklar Elementor Addons for WordPress. A directory traversal flaw, exploitable via the dropzone_hash parameter, exists in every version up to 1.7.15. Exploitation does not require authentication and can allow an attacker to copy arbitrary files from the server and...
CVE-2024-5153 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...
WordPress Startklar Elementor Addons plugin <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion vulnerability
Unauthenticated Path Traversal to Arbitrary Directory Deletion vulnerability discovered by stealthcopter in WordPress Plugin Startklar Elementor Addons versions <= 1.7.15...
WordPress Startklar Elementor Addons Plugin <= 1.7.15 is vulnerable to Arbitrary File Deletion
Software: Startklar Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.7.15; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-5153; Patch priority: High; CVSS severity: High 9.1; PSID: ac59d6e1fb44; Credits: stealthcopter...
WordPress plugin Startklar Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can...
PT-2024-34694
Name of the Vulnerable Software and Affected Versions Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.15 Description The issue allows unauthenticated attackers to perform Directory Traversal via the dropzone hash parameter. This enables them to copy the contents...
CVE-2024-4346
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
CVE-2024-4346 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
CVE-2024-4346
The CVE-2024-4346 issue affects Startklar Elementor Addons for WordPress and allows unauthenticated arbitrary file deletion due to improper path validation when deleting uploaded files (versions up to 1.7.13). Consequences could include deletion of critical files like wp-config.php, enabling site ...
CVE-2024-4346 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...
CVE-2024-4345 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attacke...
CVE-2024-4345
CVE-2024-4345 is an unauthenticated arbitrary file-upload vulnerability in Startklar Elementor Addons for WordPress (up to version 1.7.13). The StartklarDropZoneUploadProcess::process function validates file types insufficiently, allowing attackers to upload arbitrary files to the server and pote...
WordPress plugin Startklar Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...