CVE-2020-20634

Published: Aug 21, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.

Affected (1)

Products: Elementor: Website Builder

Elementor

1 product

Website Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Elementor Website Builder	Up to 2.9.5

References (2)

https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.nintechnet.com/wordpress-elementor-plugin-fixed-safe-mode-privilege-escalation-vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.