CVE-2020-13126

Critical

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with…

mitre·CWE-434·Published 2020-05-17

CVSS

9.9

EPSS

0.09

KEV

Exploits

cve.orgen

308 chars

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.

NVDen

308 chars

NVDes

350 chars

Se detectó un problema en el plugin Elementor Pro versiones anteriores a 2.9.4 para WordPress, como se explotó "in the wild" en Mayo de 2020, en conjunto con CVE-2020-13125. Un atacante con el rol Subscriber puede cargar archivos ejecutables arbitrarios para lograr una ejecución de código remota. NOTA: el plugin Elementor gratuito no está afectado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.0	Primary	cve.org	9.9	—	—	CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N