WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability

2021-12-1300:00:00

Nicolas Vidal from TEHTRIS

patchstack.com

wordpress

plus addons

elementor pro

sql injection

nicolas vidal

tehtris

update.

EPSS

0.002

Percentile

53.0%

JSON

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Nicolas Vidal from TEHTRIS in WordPress The Plus Addons for Elementor Pro premium plugin (versions <= 5.0.6).

Solution

           Update the WordPress The Plus Addons for Elementor Pro premium plugin to the latest available version (at least 5.0.7).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24949

roadmap.theplusaddons.com/updates

wpscan.com/vulnerability/9d7f8ba8-a5d5-4ec3-a48f-5cd4b115e8d5

EPSS

0.002

Percentile

53.0%

JSON

Related for PATCHSTACK:B9065CD3FFF3206E26E510B4B51B6401