WordPress Plugin Vulnerabilities

Essential Addons for Elementor Pro < 5.4.9 - Unauthenticated SSRF

Description

The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attacks

Affects Plugins

Plugin icon
essential-addons-elementor
Fixed in 5.4.9

References

CVE
CVE-2023-32245

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
8b7dbca0-9983-4c13-a30c-00ed01827dcb

Timeline

Publicly Published
2023-05-15 (about 2 years ago)
Added
2023-08-30 (about 2 years ago)
Last Updated
2023-08-30 (about 2 years ago)

Other

Published
Title
Published
2024-02-27
Title
Seraphinite Accelerator < 2.21 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck
Published
2025-12-27
Title
Youzify <= 1.3.5 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2024-05-30
Title
Blocksy Companion < 2.0.43 - Authenticated (Admin+) Server-Side Request Forgery
Published
2025-09-27
Title
Image shrinker <= 1.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2026-02-17
Title
Gutenberg Blocks with AI by Kadence WP < 3.6.2 - Contributor+ SSRF