WordPress Plugin Vulnerabilities

Ultimate Addons for Elementor < 1.24.2 - Registration Bypass

Description

"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site."

This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO.

Affects Plugins

Plugin icon
ultimate-elementor
Fixed in 1.24.2

References

CVE
CVE-2020-13125
URL
https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Miscellaneous

Submitter
Chloe
Submitter website
https://wordfence.com
Verified
No
WPVDB ID
a1b50436-5d00-4964-ba51-f91756e17b0f

Timeline

Publicly Published
2020-05-07 (about 6 years ago)
Added
2020-05-07 (about 6 years ago)
Last Updated
2020-05-18 (about 5 years ago)

Other

Published
Title
Published
2022-08-22
Title
Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
Published
2014-08-01
Title
WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
Published
2019-08-25
Title
WooCommerce PayU India <= 2.1.1 - Price Tampering
Published
2023-03-02
Title
Metform Elementor Contact Form Builder < 3.2.2 - reCaptcha Bypass
Published
2022-11-09
Title
Better Messages < 1.9.10.71 - Subscriber+ Messaging Block Bypass