CVE-2024-6824
Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.
Los complementos Premium Addons for Elementor para WordPress son vulnerables a modificaciones no autorizadas y pérdida de datos debido a una falta de verificación de capacidad en las funciones 'check_temp_validity' y 'update_template_title' en todas las versiones hasta la 4.10.38 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, eliminen contenido arbitrario y actualicen títulos de publicaciones y páginas.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-16 CVE Reserved
- 2024-08-07 CVE Published
- 2024-08-09 CVE Updated
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Leap13 Search vendor "Leap13" | Premium Addons For Elementor Search vendor "Leap13" for product "Premium Addons For Elementor" | <= 4.10.38 Search vendor "Leap13" for product "Premium Addons For Elementor" and version " <= 4.10.38" | en |
Affected
| ||||||