WordPress Plugin Vulnerabilities

WDesignkit < 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload

Description

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.40. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
wdesignkit
Fixed in 1.1.0

References

CVE
CVE-2024-53811
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ab6715-78ac-4030-9147-73c472c6b2e0

Miscellaneous

Original Researcher
tahu.datar
Verified
No
WPVDB ID
c01f816a-3557-46b7-959e-153304e8ac29

Timeline

Publicly Published
2024-12-02 (about 1 year ago)
Added
2024-12-11 (about 1 year ago)
Last Updated
2024-12-11 (about 1 year ago)

Other

Published
Title
Published
2026-02-26
Title
User Frontend < 4.2.9 - Author+ Arbitrary File Upload
Published
2026-03-17
Title
Embed HTML5 Game <= 1.3 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
drag & drop file upload 0.1 - Arbitrary File Upload
Published
2025-11-25
Title
CIBELES AI < 1.10.9 - Unauthenticated Arbitrary File Upload
Published
2025-04-04
Title
Streamit < 4.0.2 - Authenticated (Subscriber+) Arbitrary File Upload