CVE-2024-6434
Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. The plugin processes user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, which slows the server by consuming its resources.
SSVC
- Decision: Track
Timeline
- 2024-07-01 CVE Reserved
- 2024-07-03 CVE Published
- 2024-07-05 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1333: Inefficient Regular Expression Complexity
References (3)
URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/3110991 | 2024-07-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Leap13 | Premium Addons For Elementor | < 4.10.36 | wordpress | Affected |