CVE-2024-3249 in Elementor Site Library Plugininfo

Summary

by MITRE • 06/25/2024

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages, update certain options, including WooCommerce page titles and Elementor settings, import widgets, and update the plugin's customizer settings and the WordPress custom CSS. NOTE: This vulnerability was partially fixed in version 1.6.2.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

04/02/2024

Disclosure

06/25/2024

Moderation

accepted

Entry

VDB-269567

CPE

ready

CWE

CWE-862 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00209

KEV

Activities

very low

Sector

Energy, Government, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-3249
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-3249
CVE Details	https://www.cvedetails.com/cve/CVE-2024-3249/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!