Auth bypass in Codeastrology Ultraaddons
CVE-2024-10696
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and in…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.005 (38.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- security@wordfence.com (Third Party Advisory)
- security@wordfence.com
Frequently asked questions
- What is CVE-2024-10696?
- CVE-2024-10696 is a medium-severity vulnerability in Codeastrology Ultraaddons, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.3/10. Published 2024-11-21.
- How severe is CVE-2024-10696?
- Medium severity. CVSS v3 base score is 4.3 out of 10.