WordPress Plugin Vulnerabilities

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

Description

The PHP Raw Widget (https://www.dynamic.ooo/widget/php-raw/) of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks.

Proof of Concept

Affects Plugins

Plugin icon
dynamic-content-for-elementor
Fixed in 1.9.6

References

CVE
CVE-2020-26596

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.9 (critical)

Miscellaneous

Original Researcher
CompuNet
Verified
Yes
WPVDB ID
05b0e3eb-82ea-4868-a037-d7ee3eace8aa

Timeline

Publicly Published
2020-10-08 (about 5 years ago)
Added
2020-10-08 (about 5 years ago)
Last Updated
2020-10-09 (about 5 years ago)

Other

Published
Title
Published
2024-06-05
Title
BuddyPress Members Only < 3.4.9 - Improper Access Control to Sensitive Information Exposure via REST API
Published
2021-01-12
Title
WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change leading to Stored XSS
Published
2021-12-28
Title
LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
Published
2022-05-18
Title
Jupiter < 6.10.2 & JupiterX < 2.0.7 - Subscriber+ Path Traversal and Local File Inclusion
Published
2024-04-15
Title
Simple Registration for WooCommerce < 1.5.7 - Unauthenticated Privilege Escalation