The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Royal-elementor-addons |
|
No data.
References
History
Wed, 08 Jan 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Royal-elementor-addons
Royal-elementor-addons royal Elementor Addons |
|
| Weaknesses | CWE-434 | |
| CPEs | cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Royal-elementor-addons
Royal-elementor-addons royal Elementor Addons |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-08-01T18:40:21.383Z
Reserved: 2024-02-15T20:15:56.171Z
Link: CVE-2024-1567
Vulnrichment
Updated: 2024-08-01T18:40:21.383Z
NVD
Status : Analyzed
Published: 2024-05-02T17:15:11.603
Modified: 2025-01-08T20:47:46.820
Link: CVE-2024-1567
Redhat
No data.