CVE Vulnerability Details: CVE-2024-6434
Status: PUBLISHED
Assigner: Wordfence
Assigner Org ID: b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At: 04 Jul, 2024 | 08:32
Updated At: 08 Apr, 2026 | 16:47
CVE Numbering Authority (CNA)
Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, slowing the server by consuming its resources.

Affected Products
Vendor: leap13
Product: Premium Addons for Elementor – Powerful Elementor Templates & Widgets
Default Status: unaffected
Affected Versions:
  • From 0 through 4.10.35 (semver)
Problem Types
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
Version: 3.1
Base score: 3.1
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Credits
finder: Muhammad Umer Adeem
Timeline
Event: Disclosed
Date: 2024-07-03 00:00:00
References
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1676
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3110991/
Resource: N/A
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
2. CVE Program Container
References
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve
Resource: x_transferred
Hyperlink: https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1676
Resource: x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset/3110991/
Resource: x_transferred