Vulnerability Description
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. The cause is that the plugin processes user-supplied input as a regular expression. An authenticated attacker with Author-level access or above can create and then query a malicious post title, which consumes server resources and slows the server.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Leap13 | Premium Addons For Elementor | < 4.10.36 |
References
- https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/in (Product)
- https://plugins.trac.wordpress.org/changeset/3110991/ (Patch)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf (Third Party Advisory)
FAQ
What is CVE-2024-6434?
CVE-2024-6434 is a vulnerability with a CVSS score of 3.1 (LOW). The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-suppli...
How severe is CVE-2024-6434?
CVE-2024-6434 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-6434?
Check the references section above for vendor advisories and patch information. Affected products include: Leap13 Premium Addons For Elementor.