PT-2024-37623 · WordPress · Premium Addons For Elementor

Muhammad Umer Adeem +1 · Published 2024-07-04 · Updated 2024-07-05 · CVE-2024-6434

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions
Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.35

Description
The issue is a Regular Expression Denial of Service (ReDoS) caused by processing user-supplied input as a regular expression. It allows authenticated attackers with Author-level access and above to create and query a malicious post title, which consumes server resources and slows the server down.

Recommendations
For versions up to, and including, 4.10.35, update to a version later than 4.10.35 to resolve the issue. As a temporary workaround, consider restricting access to post title creation and querying to minimize the risk of exploitation.
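
The weakness class described above, user-supplied text compiled as a regular expression, shown beside a hardened form. This is an added PHP example, not code from the plugin or from this advisory; the function names, the 200-byte length cap, the backtrack limit value and the sample strings are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not code from the Premium Addons plugin.

// Risky form: the stored title becomes the regular expression itself,
// so PCRE interprets its metacharacters and quantifiers.
function title_matches_unsafe(string $title, string $haystack): bool
{
    // '@' hides the compile warning an unbalanced title would raise.
    return @preg_match('/' . $title . '/i', $haystack) === 1;
}

// Hardened form: the title is escaped so it can only match as literal text,
// and any PCRE engine error is logged and treated as "no match".
function title_matches_safe(string $title, string $haystack): bool
{
    if (strlen($title) > 200) {            // assumed cap on title length
        return false;
    }
    $pattern = '/' . preg_quote($title, '/') . '/iu';
    $result  = preg_match($pattern, $haystack);
    if ($result === false || preg_last_error() !== PREG_NO_ERROR) {
        error_log('title match failed, PCRE error code ' . preg_last_error());
        return false;
    }
    return $result === 1;
}

// Defence in depth: bound the backtracking PCRE may do on a single match.
ini_set('pcre.backtrack_limit', '100000');   // assumed value

// Constructed sample data: a harmless title that contains regex metacharacters.
$haystack = 'Release notes for C++ (beta) [draft]';
$title    = 'C++ (beta) [draft]';

// The unsafe helper reads "++", "(...)" and "[...]" as regex syntax;
// the safe helper compares the title as plain text.
var_dump(title_matches_unsafe($title, $haystack));
var_dump(title_matches_safe($title, $haystack));
```

When the comparison only needs a substring check, `stripos()` avoids the regex engine altogether.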

Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers
CVE-2024-6434

Affected Products
Premium Addons For Elementor