QID 730373

Date Published: 2022-03-30

QID 730373: WordPress Plugin Essential Addons for Elementor Remote Code Execution (RCE) Vulnerability

A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites.

Affected Versions:
Essential Addons for Elementor versions 5.0.4 and prior.
QID Detection Logic:(Unauthenticated)
This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the Essential Addons for Elementor.

An unauthenticated user can exploit the vulnerability to perform a local file inclusion attack, such as a PHP file, to remotely gain code execution on sites running a vulnerable version of the plugin.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

Customers are requested to update to Essential Addons for Elementor 5.0.5 or later to mitigate this vulnerability.

Vendor References

Essential Addons for Elementor - wordpress.org/plugins/essential-addons-for-elementor-lite/#developers

CVEs related to QID 730373

CVE-2022-0320 |

Software Advisories

Advisory ID	Software	Component	Link
Essential Addons for Elementor			wordpress.org/plugins/essential-addons-for-elementor-lite/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].