Privilege Escalation Vulnerability in Ultimate Addons for Elementor
CVE-2024-37455

8.8HIGH

Key Information:

Vendor: WordPress
Status: Ultimate Addons For Elementor
Vendor: CVE Published:; 9 July 2024

Summary

A vulnerability exists in the Ultimate Addons for Elementor plugin, developed by Brainstorm Force, which is related to improper privilege management. This issue can be exploited by attackers to gain unauthorized access and elevate their privileges within the application. Versions affected span from an unspecified release up to 1.36.31, thereby posing a significant risk to users who have not updated their installations. It is crucial for users and administrators to apply patches and take preventive measures to guard against potential exploitation.

Affected Version(s)

Ultimate Addons for Elementor <= 1.36.31

References

https://patchstack.com/database/vulnerability/ultimate-el...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

Credit

NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)