cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5153,https://securityvulnerability.io/vulnerability/CVE-2024-5153,Unauthenticated Directory Traversal Vulnerability in Elementor Addons Plugin,"The Startklar Elementor Addons plugin for WordPress is susceptible to a Directory Traversal vulnerability across all versions up to and including 1.7.15. This flaw arises from improper validation of the 'dropzone_hash' parameter, allowing unauthenticated attackers to traverse directories on the server. Exploitation of this vulnerability permits attackers to access and potentially extract sensitive information from arbitrary files, as well as delete directories, including the main WordPress directory. This significant security risk highlights the importance of immediate attention to plugin updates and security patches.",Wordpress,Startklar Elementor Addons,9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,false,false,2024-06-06T03:53:09.676Z,0
CVE-2024-4346,https://securityvulnerability.io/vulnerability/CVE-2024-4346,Unauthenticated File Deletion Vulnerability in Elementor Addons Plugin for WordPress,"The Startklar Elementor Addons plugin for WordPress contains a vulnerability that permits arbitrary file deletion in all releases up to and including version 1.7.13. This security flaw arises from the plugin's inadequate validation of uploaded file paths before deletion. As a result, unauthenticated attackers can exploit this vulnerability to delete critical files on the server, such as the wp-config.php file. This could enable attackers to gain control of the website by facilitating site takeover and remote code execution, posing significant threats to website integrity and security.",Wordpress,Startklar Elementor Addons,9.1,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-07T08:31:05.498Z,0
CVE-2024-4345,https://securityvulnerability.io/vulnerability/CVE-2024-4345,Arbitrary File Upload Vulnerability in Startklar Elementor Addons Plugin for WordPress,"The Startklar Elementor Addons plugin for WordPress exposes a significant vulnerability that allows unauthenticated users to exploit insufficient file type validation in the 'process' function of the 'startklarDropZoneUploadProcess' class. This flaw enables attackers to upload arbitrary files to the server, potentially leading to remote code execution. Affected versions include those up to and including 1.7.13, necessitating immediate attention from site administrators to mitigate risks associated with unauthorized file uploads.",Wordpress,Startklar Elementor Addons,9.8,CRITICAL,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-07T08:31:04.906Z,0