Unrated severityNVD Advisory· Published May 17, 2020· Updated Aug 4, 2024
CVE-2020-13125
CVE-2020-13125
Description
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
Affected products
2- WordPress/Ultimate Addons for Elementordescription
- Range: <1.24.2
Patches
Vulnerability mechanics
References
2- wpvulndb.com/vulnerabilities/10214mitrex_refsource_MISC
- www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.