← Zuruck zu CVEs
CVE-2022-0320
CRITICAL9.8
Beschreibung
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/1/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
wpdeveloper:essential_addons_for_elementor
Schwachen (CWE)
CWE-22
Referenzen
https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95(contact@wpscan.com)
https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.