CVE-2020-13125

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Ultimate Addons For Elementor
Vendor: CVE Published:; 17 May 2020

Summary

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

References

https://wpvulndb.com/vulnerabilities/10214

x_refsource_MISC

https://www.wordfence.com/blog/2020/05/combined-attack-on...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 17, 2020
Vulnerability Reserved
May 17, 2020