The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jan 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpmet
Wpmet elementskit |
|
Weaknesses | CWE-918 | |
CPEs | cpe:2.3:a:wpmet:elementskit:*:*:*:*:pro:wordpress:*:* | |
Vendors & Products |
Wpmet
Wpmet elementskit |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-14T05:39:15.113Z
Updated: 2024-08-01T20:40:47.145Z
Reserved: 2024-05-01T23:14:08.585Z
Link: CVE-2024-4404
Vulnrichment
Updated: 2024-08-01T20:40:47.145Z
NVD
Status : Analyzed
Published: 2024-06-14T06:15:12.987
Modified: 2025-01-10T16:48:29.307
Link: CVE-2024-4404
Redhat
No data.