← volver
CVE-2024-4404

ElementsKit PRO <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery

CVSS 8.5 HIGHEPSS 0.3%CWE-918
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jun 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Productos afectados
wpmet · ElementsKit Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpmet.com/plugin/elementskit/roadmaps/https://www.wordfence.com/threat-intel/vulnerabilities/id/6417269d-3d49-4f33-b92a-5aacb052bab0?source=cve