Auth bypass in Codeastrology Ultraaddons

CVE-2024-10696

The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and in…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.005 (38.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-10696?
CVE-2024-10696 is a medium-severity vulnerability in Codeastrology Ultraaddons, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.3/10. Published 2024-11-21.
How severe is CVE-2024-10696?
Medium severity. CVSS v3 base score is 4.3 out of 10.