Vulnerability Description
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain sensitive information, and to delete arbitrary directories, including the root WordPress directory.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-Shop-Host | Startklar Elmentor Addons | <= 1.7.15 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/tPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/baa20290-9c01-4f8d-adeThird Party Advisory
- https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/tPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/baa20290-9c01-4f8d-adeThird Party Advisory
FAQ
What is CVE-2024-5153?
CVE-2024-5153 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unau...
How severe is CVE-2024-5153?
CVE-2024-5153 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-5153?
Check the references section above for vendor advisories and patch information. Affected products include: Web-Shop-Host Startklar Elmentor Addons.