Lucene search

WpvulndbWPVDB-ID:565246EE-5122-4B60-83E9-0790CD7F3175

HistoryJan 04, 2024 - 12:00 a.m.

Happy Addons for Elementor < 3.10.0 - Contributor+ SSRF

2024-01-0400:00:00

wpscan.com

happy addons

elementor

ssrf vulnerability

authenticated attackers

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

16.8%

JSON

Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

CPENameOperatorVersion
eq3.10.0

CPE	Name	Operator	Version
		eq	3.10.0

References

patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-9-1-1-server-side-request-forgery-ssrf-vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for WPVDB-ID:565246EE-5122-4B60-83E9-0790CD7F3175