Unrated severityNVD Advisory· Published Jun 24, 2024· Updated Apr 28, 2026
WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
CVE-2024-37091
Description
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.
Affected products
4- Range: <=1.3.0
- Range: <=1.2.2
- StylemixThemes/Consulting Elementor Widgetsv5Range: n/a
- StylemixThemes/Masterstudy Elementor Widgetsv5Range: n/a
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerabilitymitrevdb-entry
- patchstack.com/database/vulnerability/masterstudy-elementor-widgets/wordpress-masterstudy-elementor-widgets-plugin-1-2-2-remote-code-execution-rce-vulnerabilitymitrevdb-entry
News mentions
0No linked articles in our index yet.