File Upload Vulnerability in Royal Elementor Addons for WordPress
CVE-2024-1567
9.8CRITICAL
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 2 May 2024
What is CVE-2024-1567?
The Royal Elementor Addons and Templates plugin for WordPress is susceptible to a vulnerability that enables unauthenticated users to upload unsafe file types. This issue stems from inadequate validation in the 'file_validity' function, allowing harmful files like .svgz to be uploaded to the server. The presence of these file types can lead to serious security implications, including the possibility of cross-site scripting (XSS) attacks and remote code execution on the affected website, compromising the integrity and confidentiality of its data.
Affected Version(s)
Royal Elementor Addons and Templates * <= 1.3.94