CVE-2024-4404

Name of the Vulnerable Software and Affected Versions ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2

Description The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the render raw function. This enables them to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.

Recommendations For versions up to, and including, 3.6.2, update to a version higher than 3.6.2 to resolve the issue. As a temporary workaround, consider disabling the render raw function until a patch is available.