Descrição
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2020-13126
Tags
Nâo informado
Data de publicação
16/05/2020
Última atualização
08/12/2024
Pontuação em CVSS 3.0
9.9
Crítico