Elementor < 3.19.1 – Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization | CVE 2024-24934 | Plugin Vulnerabilities

Description

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmp_name' parameter . This makes it possible for authenticated attackers, with contributor-level access and above, to delete arbitrary files and inject PHP Objects through the use of a phar wrapper, both of which can lead to remote code execution.

Affects Plugins

Fixed in 3.19.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4915b769-9499-40ac-835e-279e3a910558

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Rhynorater

Verified

No

WPVDB ID

4d7dfcc6-8c32-4e0d-b3bb-7e2685916e2b

Timeline

Publicly Published

2024-02-07 (about 3 months ago)

Added

2024-02-09 (about 3 months ago)

Last Updated

2024-02-09 (about 3 months ago)

Other

Published

Title

Published

2023-12-28

Title

Product Feed Manager < 7.3.16 - Authenticated (Admin+) Directory Traversal

Published

2024-04-22

Title

Conversational Forms for ChatBot < 1.2.0 - Unauthenticated Arbitrary File Download

Published

2014-08-01

Title

WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion

Published

2015-07-14

Title

Subscribe to Comments < 2.3 - Authenticated Local File Inclusion

Published

2015-03-28

Title

Aspose Importer & Exporter 1.0 - Arbitrary File Download