CVE-2024-0835 in Royal Elementor Kit Pluginالمعلومات

الملخص

بحسب MITRE • 06/02/2024

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

Wordfence

حجز

23/01/2024

إفشاء

06/02/2024

الاعتدال

تمت الموافقة

إدخال

VDB-252896

EPSS

0.00533

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!