Description

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the render_raw function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Classification

Assigner:

CWE:

Links
CPEs
  • elementskit pro_plugin 3.6.2

CVSS

  • CVSS version: 3.1
  • Base score: 8.5
  • Base severity: HIGH
  • Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
  • Exploitability score: 3.1
  • Impact score: 4.7

Can you explain the CVE description?

This Common Vulnerabilities and Exposures (CVE) entry, CVE-2024-4404, describes a vulnerability in the ElementsKit PRO plugin for WordPress. It affects versions up to and including 3.6.2 and is a Server-Side Request Forgery (SSRF) reachable through the render_raw function. Authenticated attackers with contributor-level permissions or higher can exploit it to make web requests to arbitrary locations that originate from the web application, which could allow them to query and modify information from internal services. The Common Vulnerability Scoring System (CVSS) base score is 8.5, rated HIGH, with the vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N. The exploitability score is 3.1 and the impact score is 4.7. The vulnerability was published on June 14, 2024, and is currently in the EARLY_WARNING status. More information and resources related to this vulnerability can be found at the provided URLs.

How can this vulnerability be part of an attack tree?

In an attack tree, this vulnerability serves as a stepping stone for further attacks. An attacker could use the Server-Side Request Forgery vulnerability in the ElementsKit PRO plugin to make web requests to arbitrary locations, potentially gaining access to sensitive information or internal services. From there, the attacker could escalate privileges, pivot to other systems, or launch additional attacks within the target environment. As part of a larger attack campaign, it could be leveraged to compromise the integrity and confidentiality of the WordPress website and any connected systems.


Generated on: 2024-07-01