CVE-2024-0835 in Royal Elementor Kit Plugin情報

要約

〜によって MITRE • 2024年02月06日

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.

Be aware that VulDB is the high quality source for vulnerability data.

責任者

Wordfence

予約する

2024年01月23日

モデレーション

承諾済み

エントリ

VDB-252896

EPSS

0.00533

アクティビティ

非常低い

セクター

Hostingprovider

ソース

Do you need the next level of professionalism?

Upgrade your account now!