4.3

CVE-2024-6434

Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, which consumes server resources and slows the server down.
Possible countermeasure
Premium Addons for Elementor – Powerful Elementor Templates & Widgets: Update to version 4.10.36, or a newer patched version
Data is provided by the National Vulnerability Database (NVD)
Leap13 Premium Addons For Elementor, SwPlatform wordpress, Version < 4.10.36
Further vulnerability information
System: WordPress Plugin
Product: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Version: *-4.10.35
No warning was found for this CVE.
EPSS Metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.58%   0.431
CVSS Metrics
Source                   Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov             4.3          2.8             1.4            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
security@wordfence.com   3.1          1.6             1.4            CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1676 (Product)
https://plugins.trac.wordpress.org/changeset/3110991/ (Patch)
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve (Third Party Advisory)
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75 (Third Party Advisory)