PT-2020-13343 · Elementor · Elementor Pro

Published

2020-05-17

Updated

2021-05-21

CVE-2020-13126

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Elementor Pro plugin versions prior to 2.9.4

Description An issue in the Elementor Pro plugin allows an attacker with the Subscriber role to upload arbitrary executable files, resulting in remote code execution. This issue has been exploited in the wild.

Recommendations For Elementor Pro plugin versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities for users with the Subscriber role until the update is applied.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2020-13126

Affected Products

Elementor Pro

PT-2020-13343 · Elementor · Elementor Pro

CVE-2020-13126

Weakness Enumeration

Related Identifiers

Affected Products

References · 7