Unauthenticated Directory Traversal Vulnerability in Elementor Addons Plugin
CVE-2024-5153
9.8CRITICAL
What is CVE-2024-5153?
The Startklar Elementor Addons plugin for WordPress is susceptible to a Directory Traversal vulnerability across all versions up to and including 1.7.15. This flaw arises from improper validation of the 'dropzone_hash' parameter, allowing unauthenticated attackers to traverse directories on the server. Exploitation of this vulnerability permits attackers to access and potentially extract sensitive information from arbitrary files, as well as delete directories, including the main WordPress directory. This significant security risk highlights the importance of immediate attention to plugin updates and security patches.
Affected Version(s)
Startklar Elementor Addons * <= 1.7.15