CVE-2024-13353

Summary

CVE-2024-13353 is a local file inclusion vulnerability affecting the Responsive Addons for Elementor and Elementor Templates plugins for WordPress. This issue, present in versions up to 1.6.4, allows authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server. The vulnerability can be exploited by bypassing access controls, obtaining sensitive data, or achieving code execution through the execution of PHP code in those files. This risk is particularly significant if images and other "safe" file types can be uploaded and included.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.