PT-2024-34694 · WordPress · Startklar Elementor Addons

Matthew Rollings +1 · Published 2024-06-05 · Updated 2026-04-08 · CVE-2024-5153

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.15

Description

The issue allows unauthenticated attackers to perform Directory Traversal via the dropzone hash parameter. This enables them to copy the contents of arbitrary files on the server, which may contain sensitive information, and to delete arbitrary directories, including the root WordPress directory.

Recommendations

For versions up to, and including, 1.7.15, update to a version higher than 1.7.15 to resolve the issue. As a temporary workaround, consider restricting access to the dropzone hash parameter to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-5153

Affected Products

Startklar Elementor Addons