WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Addons for Elementor < 1.24.2 - Registration Bypass

Description

"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site."

This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO.

Affects Plugins

ultimate-elementor
Fixed in version 1.24.2

References

CVE
CVE-2020-13125
URL
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Classification

Type

BYPASS

Miscellaneous

Submitter

Chloe

Submitter website
https://wordfence.com
Verified

No

WPVDB ID
a1b50436-5d00-4964-ba51-f91756e17b0f

Timeline

Publicly Published

2020-05-07 (about 2 years ago)

Added

2020-05-07 (about 2 years ago)

Last Updated

2020-05-18 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin