CVE-2020-13125

Medium

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in…

mitre·NVD-CWE-noinfo·Published 2020-05-17

CVSS

6.5

EPSS

0.02

KEV

Exploits

cve.orgen

273 chars

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

NVDen

273 chars

NVDes

309 chars

Se detectó un problema en el plugin "Ultimate Addons for Elementor" versiones anteriores a 1.24.2 para WordPress, como se explotó "in the wild" en Mayo de 2020, en conjunto con CVE-2020-13126. Los atacantes no autenticados pueden crear usuarios con el rol Subscriber incluso si el registro está deshabilitado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.0	Primary	cve.org	7.2	—	—	CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:N