cleantalk
Vulnerabilities and Security Researches

130+ Widgets | Best Addons For Elementor – FREE, CVE-2024-4471

CVE, Research URL

CVE-2024-4471

Home page URL

Security reports for 130+ Widgets | Best Addons For Elementor – FREE

Application

130+ Widgets | Best Addons For Elementor – FREE

Published on
May 23, 2024
Research Description
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Thanks, Francesco
Affected versions
Min -, max 1.4.3.2.
Status
vulnerable
Previous vulnerability researches
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-54253) , Dec 11, 2024
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-12584) , Jan 08, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-2108) , Mar 21, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-32163) , Apr 05, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2024-2250) , Jun 07, 2024
New vulnerability
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 (CVE-2025-26954) , Apr 17, 2025
Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers (CVE-2024-10107) , Apr 17, 2025
Raptive Ads (CVE-2025-32554) , Apr 17, 2025
Contact Form by Supsystic (CVE-2024-13452) , Apr 17, 2025
Affiliate Links Lite (CVE-2025-32639) , Apr 17, 2025