CVE-2024-4345 - Vulnerability Details - OpenCVE

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.14962.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7
https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets
https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-05-07T08:31:04.906Z

Updated: 2024-08-01T20:40:47.119Z

Reserved: 2024-04-30T13:22:03.994Z

Link: CVE-2024-4345

Vulnrichment

Updated: 2024-08-01T20:40:47.119Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T09:15:38.840

Modified: 2024-11-21T09:42:40.130

Link: CVE-2024-4345

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4345", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-04-30T13:22:03.994Z", "datePublished": "2024-05-07T08:31:04.906Z", "dateUpdated": "2024-08-01T20:40:47.119Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-07T08:31:04.906Z"}, "affected": [{"vendor": "wshberlin", "product": "Startklar Elementor Addons", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.7.13", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7"}, {"url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2024-04-30T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2024-04-30T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-05-06T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T15:19:46.931130Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:28.103Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.119Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.119Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T15:19:46.931130Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T15:21:01.179Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wshberlin", "product": "Startklar Elementor Addons", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.13"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-30T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2024-04-30T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2024-05-06T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7"}, {"url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets"}], "descriptions": [{"lang": "en", "value": "The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-05-07T08:31:04.906Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4345", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:40:47.119Z", "dateReserved": "2024-04-30T13:22:03.994Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-07T08:31:04.906Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento Startklar Elementor Addons para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validaci\u00f3n insuficiente del tipo de archivo en la funci\u00f3n 'proceso' en la clase 'startklarDropZoneUploadProcess' en versiones hasta la 1.7.13 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2024-4345", "lastModified": "2024-11-21T09:42:40.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-07T09:15:38.840", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}