CVE-2024-4346
Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
El complemento Startklar Elementor Addons para WordPress es vulnerable a la eliminación arbitraria de archivos en todas las versiones hasta la 1.7.13 incluida. Esto se debe a que el complemento no valida correctamente la ruta de un archivo cargado antes de eliminarlo. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios, incluido el archivo wp-config.php, lo que puede hacer posible la toma del sitio y la ejecución remota de código.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-30 CVE Reserved
- 2024-05-06 CVE Published
- 2024-05-08 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wshberlin Search vendor "Wshberlin" | Startklar Elementor Addons Search vendor "Wshberlin" for product "Startklar Elementor Addons" | <= 1.7.13 Search vendor "Wshberlin" for product "Startklar Elementor Addons" and version " <= 1.7.13" | en |
Affected
| ||||||