9.8
CVE-2024-1567
- EPSS 3.72%
- Veröffentlicht 02.05.2024 17:15:11
- Zuletzt bearbeitet 08.01.2025 20:47:46
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginRoyal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
Mögliche Gegenmaßnahme
Royal Addons for Elementor – Addons and Templates Kit for Elementor: Update to version 1.3.95, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Royal Addons for Elementor – Addons and Templates Kit for Elementor
Version
*-1.3.94
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Royal-elementor-addons ≫ Royal Elementor Addons SwPlatformwordpress Version < 1.3.95
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.72% | 0.875 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.