CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

VulnCheck KEV•added 2026/05/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-4346

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to...

9.1CVSS6.4AI score0.01522EPSS

In wildExploits0References2

RedhatCVE•added 2025/02/05 12:10 a.m.•4 views

CVE-2024-4346

9.1CVSS7.8AI score0.01522EPSS

Exploits0References1

RedhatCVE•added 2025/02/04 11:59 p.m.•7 views

CVE-2024-4345

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attacke...

9.8CVSS8AI score0.01444EPSS

Exploits0References1

OSV•added 2024/06/06 4:15 a.m.•2 views

CVE-2024-5153

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain...

9.8CVSS5.9AI score0.01002EPSS

Exploits0References2

NVD•added 2024/06/06 4:15 a.m.•18 views

CVE-2024-5153

9.8CVSS9.2AI score0.01002EPSS

Exploits0References2

Cvelist•added 2024/06/06 3:53 a.m.•21 views

CVE-2024-5153 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion

9.1CVSS9.2AI score0.01002EPSS

Exploits0References2

CVE•added 2024/06/06 3:53 a.m.•56 views

CVE-2024-5153

The CVE CVE-2024-5153 affects Startklar Elementor Addons for WordPress. A directory traversal flaw, exploitable via the dropzone_hash parameter, exists in every version up to 1.7.15. Exploitation does not require authentication and can allow an attacker to copy arbitrary files from the server and...

9.8CVSS9.3AI score0.01002EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/06/06 3:53 a.m.•18 views

CVE-2024-5153 Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion

9.1CVSS7AI score0.01002EPSS

Exploits0References2

CNNVD•added 2024/06/06 12:0 a.m.•2 views

WordPress plugin Startklar Elementor Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

9.8CVSS6.7AI score0.01002EPSS

Exploits0References3

WPVulnDB•added 2024/06/05 12:0 a.m.•14 views

Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion

Description The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can...

9.8CVSS6.9AI score0.01002EPSS

Exploits0References1

Positive Technologies•added 2024/06/05 12:0 a.m.•6 views

PT-2024-34694

Name of the Vulnerable Software and Affected Versions Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.15 Description The issue allows unauthenticated attackers to perform Directory Traversal via the dropzone hash parameter. This enables them to copy the contents...

9.8CVSS6AI score0.01002EPSS

Exploits0References10

NVD•added 2024/05/07 9:15 a.m.•10 views

CVE-2024-4346

9.1CVSS9.6AI score0.01522EPSS

Exploits0References3

Vulnrichment•added 2024/05/07 8:31 a.m.•9 views

CVE-2024-4346 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion

9.1CVSS6.6AI score0.01522EPSS

Exploits0References3

CVE•added 2024/05/07 8:31 a.m.•61 views

CVE-2024-4346

The CVE-2024-4346 entry concerns the Startklar Elementor Addons for WordPress, which allows unauthenticated arbitrary file deletion due to improper path validation during file handling. The vulnerability affects all versions up to 1.7.13 and can delete critical files (including wp-config.php), en...

9.1CVSS7.7AI score0.01522EPSS

In wildExploits0References3

CVE•added 2024/05/07 8:31 a.m.•97 views

CVE-2024-4345

CVE-2024-4345 is an unauthenticated arbitrary file-upload vulnerability in Startklar Elementor Addons for WordPress (up to version 1.7.13). The StartklarDropZoneUploadProcess::process function validates file types insufficiently, allowing attackers to upload arbitrary files to the server and pote...

9.8CVSS7.9AI score0.01444EPSS

Exploits0References3

Cvelist•added 2024/05/07 8:31 a.m.•67 views

CVE-2024-4345 Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload

9.8CVSS10AI score0.01444EPSS

Exploits0References3

CNNVD•added 2024/05/07 12:0 a.m.•2 views

WordPress plugin Startklar Elementor Addons 安全漏洞

9.8CVSS8.4AI score0.01444EPSS

Exploits0References4

CNNVD•added 2024/05/07 12:0 a.m.•2 views

WordPress plugin Startklar Elementor Addons 安全漏洞