The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.
Metrics
Affected Vendors & Products
References
History
Tue, 29 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qodeinteractive
Qodeinteractive qi Addons For Elementor |
|
Weaknesses | CWE-706 | |
CPEs | cpe:2.3:a:qodeinteractive:qi_addons_for_elementor:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Qodeinteractive
Qodeinteractive qi Addons For Elementor |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-07T03:21:56.432Z
Updated: 2024-08-01T20:55:10.265Z
Reserved: 2024-05-14T22:12:38.932Z
Link: CVE-2024-4887
Vulnrichment
Updated: 2024-08-01T20:55:10.265Z
NVD
Status : Analyzed
Published: 2024-06-07T04:15:31.777
Modified: 2024-10-29T19:52:44.863
Link: CVE-2024-4887
Redhat
No data.