An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NBrainstormforce Ultimate Addons For Elementor
APPBrainstormforce< 1.24.2
Related vulnerabilities
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege...
The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to ...
RCE w Astra Pro – code injection dostępny dla zalogowanych użytkowników
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST paramet...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...