PT-2024-16766 · WordPress · Sky Addons For Elementor

Dale Mavers +1 · Published 2024-11-21 · Updated 2024-11-22 · CVE-2024-11104

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Sky Addons for Elementor plugin for WordPress versions up to, and including, 2.6.2

Description

The issue allows unauthorized modification of data, potentially leading to a denial of service, due to a missing capability check on the save_options() function. This enables authenticated attackers with subscriber-level access and above to update arbitrary options on the WordPress site, limited to option values that can be saved as arrays.

Recommendations

For versions up to, and including, 2.6.2, consider disabling the save_options() function until a patch is available to prevent unauthorized modification of data. Restrict access to the plugin's options to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
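
For plugin developers and reviewers, the sketch below shows what a hardened option-saving AJAX handler looks like for the weakness described above. It is an added example, not the Sky Addons for Elementor source or its patch; the action name, nonce name, option names and POST field names are all hypothetical.

```php
<?php
// Hypothetical plugin code illustrating the bug class; not Sky Addons' source.

// Options this hypothetical plugin owns. Anything else is rejected.
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_addons_widgets', 'example_addons_extensions' );

// wp_ajax_{action} fires for ANY logged-in user, subscribers included,
// so registering the hook is not an authorization check.
add_action( 'wp_ajax_example_save_options', 'example_save_options' );

function example_save_options() {
    // 1. CSRF protection: verify the nonce issued on the settings page.
    check_ajax_referer( 'example_save_options', 'nonce' );

    // 2. The capability check whose absence the advisory describes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Never let the request choose an arbitrary option name.
    $name = isset( $_POST['option_name'] ) ? sanitize_key( wp_unslash( $_POST['option_name'] ) ) : '';
    if ( ! in_array( $name, EXAMPLE_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    // 4. The handler stores arrays; reject other shapes and sanitize each entry.
    $raw = isset( $_POST['option_value'] ) ? wp_unslash( $_POST['option_value'] ) : null;
    if ( ! is_array( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid value' ), 400 );
    }
    $value = array();
    foreach ( $raw as $key => $item ) {
        if ( is_scalar( $item ) ) {
            $value[ sanitize_key( $key ) ] = sanitize_text_field( $item );
        }
    }

    update_option( $name, $value );
    wp_send_json_success();
}
```

The capability check in step 2 closes the authorization gap; the allowlist in step 3 limits the damage if a privileged account is ever misused, because core options can no longer be overwritten through this handler.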

DoS

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-11104

Affected Products

Sky Addons For Elementor