WordPress Plugin Vulnerabilities

Premium Addons for Elementor < 4.10.36 - Regular Expressions Denial of Service

Description

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.

Affects Plugins

Plugin icon
premium-addons-for-elementor
Fixed in 4.10.36

References

CVE
CVE-2024-6434
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75

Miscellaneous

Original Researcher
Muhammad Umer Adeem (Yldrm)
Verified
No
WPVDB ID
76ecc6f8-3324-4df9-b79b-a68cd9c9fcf6

Timeline

Publicly Published
2024-07-03 (about 1 year ago)
Added
2024-07-05 (about 1 year ago)
Last Updated
2024-07-05 (about 1 year ago)

Other

Published
Title
Published
2024-02-08
Title
Backuply - Backup, Restore, Migrate and Clone < 1.2.6 - Unauthenticated Denial of Service
Published
2022-07-11
Title
GiveWP < 2.21.3 - DoS via CSRF
Published
2021-04-27
Title
WPGraphQL < 1.3.6 - Denial of Service
Published
2014-08-01
Title
WordPress 3.1 - PCRE Library Remote DoS
Published
2025-03-20
Title
WP-GeSHi-Highlight <= 1.4.3 - Author+ ReDoS