CVE-2024-6824

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 8, 2024

CWE ID 862

Summary

CVE-2024-6824 is a vulnerability affecting the Premium Addons for Elementor plugin used in WordPress sites. This issue allows authenticated attackers with Contributor-level access or higher to bypass capability checks on the 'check_temp_validity' and 'update_template_title' functions, leading to unauthorized modification and deletion of content, as well as the update of post and page titles in all versions up to and including 4.10.38. This could potentially result in significant data loss and compromise for affected websites. Users are advised to update the plugin to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xDtJc3
https://www.cve.org/CVERecord?id=CVE-2024-6824
https://nvd.nist.gov/vuln/detail/CVE-2024-6824

Back to Vulnerability Database

CVE-2024-6824

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations