CVE-2024-4404
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side

Publication date: 2024-06-14

Last updated on: 2025-01-10

Assigner: [email protected]

Description
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the render_raw function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS Scores
EPSS Scores
Affected Vendors & Products
Vendor Product Version
elementskit elementskit_pro 3.0 <= version < 3.6.3
wpmet elementskit <= 3.6.3
Helpful Resources
Exploitability
CWE ID Description
CWE-918 Server-Side Request Forgery (SSRF)
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
Date published:
2024-06-14
Date last modified:
2025-01-10
Date generated:
2025-02-06
NVD report: