CVE-2020-13125
CVE-2020-13125
Vexday Risk Score
58Atención
Decisión SSVC (CISA)
Act
Explotación + impacto → acción inmediata
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS 7.2EPSS 2.3%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
17 may 2020Publicada en NVD
Recomendación: Corregir cuanto antes — hay explotación activa confirmada.
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:N
Productos afectados
n/a · n/a