CVE-2024-3018
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-3018 is a critical vulnerability affecting the Essential Addons for Elementor plugin for WordPress. This issue allows authenticated attackers with author-level access or higher to inject PHP Objects through deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget. If a POP (Persistent Object Pool) chain exists via additional plugins or themes, it could potentially enable the attacker to delete arbitrary files, retrieve sensitive data, or execute code. This vulnerability impacts all versions up to, and including, 5.9.13.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Anope