Lucene search

PatchstackVULNRICHMENT:CVE-2024-35725

HistoryJun 10, 2024 - 7:48 a.m.

CVE-2024-35725 WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability

2024-06-1007:48:04

CWE-862

Patchstack

github.com

wordpress

la-studio

elementor

cve-2024-35725

broken access control

missing authorization

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "lastudio-element-kit",
    "product": "LA-Studio Element Kit for Elementor",
    "vendor": "LA-Studio",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.7.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-6-broken-access-control-vulnerability?_s_id=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for VULNRICHMENT:CVE-2024-35725