#VU30286 Incorrect permission assignment for critical resource in Ultimate Addons for Elementor - CVE-2020-13125

 


Published: May 17, 2020 / Updated: July 17, 2020


Vulnerability identifier: #VU30286
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-13125
CWE-ID: CWE-732
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Ultimate Addons for Elementor
Software vendor: Brainstorm Force

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.


Remediation

Install the update from the vendor's website.

External links