7.2
CVE-2024-50442
- EPSS 0.54%
- Veröffentlicht 28.10.2024 12:15:15
- Zuletzt bearbeitet 23.04.2026 15:19:57
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
Royal Elementor Addons <= 1.3.980 - Authenticated (Author+) External Entity Injection
Improper Restriction of XML External Entity Reference vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows XML Injection.This issue affects Royal Elementor Addons: from n/a through <= 1.3.980.
Mögliche Gegenmaßnahme
Royal Addons for Elementor – Addons and Templates Kit for Elementor: Update to version 1.3.981, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Royal-elementor-addons ≫ Royal Elementor Addons SwPlatformwordpress Version < 1.3.981
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Royal Addons for Elementor – Addons and Templates Kit for Elementor
Version
*-1.3.980
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.41 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://patchstack.com/database/Wordpress/Plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/30a89e75-2ab1-4e65-8646-b100efed5dbd