PT-2026-8224 · WordPress+1 · Element Pack Elementor Addons+1
Chiao-Lin Yu
·
Publicado
2026-02-15
·
Atualizado
2026-02-15
·
CVE-2026-1793
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Element Pack Addons for Elementor versions prior to 8.3.18
Description
The Element Pack Addons for Elementor plugin for WordPress contains a flaw that allows authenticated attackers with contributor-level access or higher to read arbitrary files on the server. This is possible due to insufficient file validation within the
render svg function when using the SVG widget. The issue could expose sensitive information contained in these files.Recommendations
Update Element Pack Addons for Elementor to version 8.3.18 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Element Pack Elementor Addons
Elementor