CVE-2024-2662
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.
El complemento Unlimited Elements For Elementor (Free Widgets, Addons, Templates) para WordPress es vulnerable a la inyección de comandos en todas las versiones hasta la 1.5.102 incluida. Esto se debe a un filtrado insuficiente de los atributos de la plantilla durante la creación de HTML para widgets personalizados. Esto hace posible que atacantes autenticados, con acceso de nivel de administrador y superior, ejecuten comandos arbitrarios en el servidor.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-03-19 CVE Reserved
- 2024-05-09 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Unitecms Search vendor "Unitecms" | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Search vendor "Unitecms" for product "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" | <= 1.5.102 Search vendor "Unitecms" for product "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)" and version " <= 1.5.102" | en |
Affected
|