CVE-2022-0320

CVE-2022-0320: Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

Vendor Unknown
Product Essential Addons for Elementor
Weakness CWE-22 · Path traversal
Published February 1, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.

Key dates

02Disclosure timeline

February 1, 2022 CVE published
August 2, 2024 Record updated