MEDIUM🇵🇱 Wersja polska

CVE-2020-13125

CVSS 6.5v3.1pub. 2020-05-17upd. 2024-11-21

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Brainstormforce Ultimate Addons For Elementor

    APP
    Brainstormforce
    < 1.24.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-37455HIGH8.8ten sam produkt

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege...

CVE-2021-24271MEDIUM5.4ten sam produkt

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to ...

CVE-2023-49830CRITICAL9.9PL ✓ten sam vendor

RCE w Astra Pro – code injection dostępny dla zalogowanych użytkowników

CVE-2021-24507CRITICAL9.8ten sam vendor

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST paramet...

CVE-2025-6691HIGH8.1ten sam vendor

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...