Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.

Published

2022-02-01T13:15:09.967

Last Modified

2024-11-21T06:38:22.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wpdeveloper	essential_addons_for_elementor	< 5.0.5	Yes

References

https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95 Third Party Advisory ([email protected])
https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)