CVE-2024-6434

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jul 4, 2024

Updated: Jul 5, 2024

CWE ID 1333

Summary

CVE-2024-6434 is a recently disclosed vulnerability affecting the Premium Addons for Elementor plugin used in WordPress websites. The flaw, present in all versions up to 4.10.35, enables authenticated attackers with Author-level access or higher to execute a Regular Expression Denial of Service (ReDoS) attack. By manipulating user-supplied input as a regular expression, attackers can cause server resources to be consumed, leading to a significant slowdown or even a denial-of-service condition. This vulnerability underscores the importance of keeping WordPress plugins updated to protect against known security risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database