CVE-2024-11104
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 862
Summary
CVE-2024-11104 is a vulnerability affecting the Sky Addons for Elementor plugin for WordPress. The issue lies in the lack of capability checks on the save_options() function, which is present in all versions up to 2.6.2. Consequently, authenticated attackers with subscriber-level access or higher can manipulate arbitrary options on WordPress sites, leading to a denial of service. However, it is essential to note that this vulnerability is limited to option values that can be saved as arrays.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share