exploitDog

CVE-2024-13808

Опубликовано: 26 апр. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Ссылки

https://elementor.wpxpro.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/0833e55f-22aa-44c9-aff6-1f3b74016e4c?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpxpro:xpro_addons_for_elementor:*:*:*:*:*:wordpress:*:*

Версия до 1.4.10 (исключая)

EPSS

Процентиль: 71%

0.00696

Низкий

8.8 High

CVSS3

Дефекты

CWE-94

CWE-94

Связанные уязвимости

GHSA-c824-5258-vggv

CVSS3: 8.8

github

10 месяцев назад

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

EPSS

Процентиль: 71%

0.00696

Низкий

8.8 High

CVSS3

Дефекты

CWE-94

CWE-94