An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NBrainstormforce Ultimate Addons For Elementor
APPBrainstormforce< 1.24.2
Powiązane podatności
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege...
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to ...
RCE w Astra Pro – code injection dostępny dla zalogowanych użytkowników
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST paramet...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...