Due to missing capability/nonce checks and improper file-type validation in the file upload handler, a remote attacker can upload files with dangerous extensions (e.g. PHP) to the server, which can then be executed as a web shell, leading to remote code execution on the affected WordPress site.

This vulnerability affects the following application versions:

  • King Addons for Elementor 24.12.83
  • King Addons for Elementor 24.12.84
  • King Addons for Elementor 24.12.85
  • King Addons for Elementor 24.12.86
  • King Addons for Elementor 24.12.87
  • King Addons for Elementor 24.12.88
  • King Addons for Elementor 24.12.89
  • King Addons for Elementor 24.12.90
  • King Addons for Elementor 24.12.91
  • King Addons for Elementor 24.12.92
  • King Addons for Elementor 24.12.93
  • King Addons for Elementor 51.1.2
  • King Addons for Elementor 51.1.14
  • King Addons for Elementor 51.1.35
  • King Addons for Elementor 51.1.36
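
The three controls the description names as missing or improper (capability check, nonce check, file-type validation), shown together in a WordPress AJAX upload handler. This is an added example, not King Addons code; the action name `example_upload`, the nonce action `example_upload_nonce`, the request fields `nonce` and `file`, and the image-only allowlist are all assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical handler, not the plugin's code. It runs inside WordPress.
// Registered for logged-in users only; there is deliberately no
// 'wp_ajax_nopriv_example_upload' hook, so anonymous requests never reach it.
add_action( 'wp_ajax_example_upload', 'example_handle_upload' );

function example_handle_upload() {
    // 1. Nonce check: rejects forged cross-site requests. Passing false as the
    //    third argument makes it return instead of dying, so we can answer in JSON.
    if ( ! check_ajax_referer( 'example_upload_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Capability check: a valid nonce proves intent, not authorization.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // Require exactly one genuine HTTP upload in the assumed 'file' field.
    $file = isset( $_FILES['file'] ) ? $_FILES['file'] : null;
    if ( ! $file || ! is_string( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file uploaded.' ), 400 );
    }

    // 3. File-type validation against an explicit allowlist (assumed: images only).
    //    wp_check_filetype_and_ext() compares the extension with the detected
    //    content type and returns false for 'ext'/'type' when the file is not allowed.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not permitted.' ), 415 );
    }

    // Let WordPress move the file: it sanitizes and de-duplicates the filename and
    // re-applies the same allowlist. 'test_form' => false because the nonce above
    // already authenticated the request.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( array( 'message' => $result['error'] ), 400 );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```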
