The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-07-09T04:32:53.083Z
Updated: 2024-08-01T21:33:04.694Z
Reserved: 2024-06-19T17:46:41.014Z
Link: CVE-2024-6171
Vulnrichment
Updated: 2024-08-01T21:33:04.694Z
NVD
Status : Analyzed
Published: 2024-07-09T05:15:14.140
Modified: 2024-07-12T14:40:02.843
Link: CVE-2024-6171
Redhat
No data.