WordPress Plugin Vulnerabilities

Mega Addons For Elementor <= 1.8 - Missing Authorization

Description

The Mega Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
ultimate-addons-for-elementor
No known fix

References

CVE
CVE-2024-32515
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f557c6e-2fbd-478d-8dc3-cdc550e523b7

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Friday
Verified
No
WPVDB ID
279679f1-f743-4b12-9e59-a4725e8ea573

Timeline

Publicly Published
2024-04-15 (about 1 months ago)
Added
2024-04-23 (about 27 days ago)
Last Updated
2024-04-23 (about 27 days ago)

Other

Published
Title
Published
2024-03-20
Title
Olive One Click Demo Import < 1.1.2 - Missing Authorization
Published
2024-04-09
Title
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Published
2024-04-22
Title
Vision Interactive < 1.7.2 - Missing Authorization
Published
2023-09-12
Title
BAN Users <= 1.5.3 - Subscriber+ Settings Update & Privilege Escalation via Missing Authorization
Published
2022-03-21
Title
Easy Social Icons < 3.2.1 - Unauthenticated Arbitrary Icon Deletion