CVE-2020-13125

Опубликовано: 17 мая 2020

Источник: nvd

CVSS3: 7.2

CVSS3: 6.5

CVSS2: 6.4

EPSS Средний

Описание

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

Ссылки

https://wpvulndb.com/vulnerabilities/10214
Not Applicable
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10214
Not Applicable
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:brainstormforce:ultimate_addons_for_elementor:*:*:*:*:*:wordpress:*:*

Версия до 1.24.2 (исключая)

EPSS

Процентиль: 93%

0.11265

Средний

7.2 High

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j47x-5r4f-5mpx

github

больше 3 лет назад

EPSS

Процентиль: 93%

0.11265

Средний

7.2 High

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo