Unauthorized Modification of Data Leads to Denial of Service in Sky Addons for Elementor
CVE-2024-11104

8.1HIGH

Key Information:

Vendor

Wordpress
Status
Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)
Vendor
CVE Published:
22 November 2024

What is CVE-2024-11104?

The Sky Addons for Elementor plugin offers a range of features for enhancing WordPress sites, but it presents a security weakness that allows for unauthorized data modifications. This vulnerability stems from a lack of capability checks in the save_options() function, affecting all versions up to 2.6.2. Authenticated attackers, even those with subscriber-level access, can exploit this flaw to alter arbitrary options that can be saved as arrays. This leads to potential denial of service for the affected WordPress installations, compromising their functionality and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) * <= 2.6.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/sky-elementor-...
https://plugins.trac.wordpress.org/browser/sky-elementor-...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.