CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side
Description
Description
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| wpmet | elementskit | to 3.6.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-918 | Server-Side Request Forgery (SSRF) |
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2024-06-14
CVE Last Modified Date:
2025-01-10
Report Generation Date:
2025-06-02
EPSS Last Evaluated Date:
2025-03-31
NVD Report Link: