Ultimate Addons for Elementor < 1.24.2 - Registration Bypass



Description
"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site."

This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO. 

Affects Plugin

Fixed in version 1.24.2

References

CVE 2020-13125
URL https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Classification

Type BYPASS

Miscellaneous

Submitter Chloe
Submitter Website https://wordfence.com
Views 1745
Verified No
WPVDB ID 10215

Timeline

Publicly Published 2020-05-07 (19 days ago)
Added 2020-05-07 (18 days ago)
Last Updated 2020-05-18 (7 days ago)
