CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 17, 2020
Published Date: May 17, 2020
Last Updated: August 04, 2024
Vendor: n/a
Product: n/a
Description: An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
Tags

CVSS Scores

CVSS v3.0

7.2 - HIGH

Vector: CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:N

Exploit Status

Exploited in the Wild: Yes (2020-05-17 00:39:00 UTC) Source

References

https://wpvulndb.com/vulnerabilities/10214 https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2020-05-17 00:39:00 UTC

Timeline

CVE ID Reserved

May 17, 2020
CVE Published to Public

May 17, 2020
Added to KEVIntel

May 17, 2020