cleantalk
Vulnerabilities and Security Researches

Zita Elementor Site Library, CVE-2024-3249

CVE, Research URL

CVE-2024-3249

Home page URL

Security reports for Zita Elementor Site Library

Application

Zita Elementor Site Library

Published on
Jun 25, 2024
Research Description
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages, update certain options, including WooCommerce page titles and Elementor settings, import widgets, and update the plugin's customizer settings and the WordPress custom CSS. NOTE: This vulnerability was partially fixed in version 1.6.2.
Affected versions
max 1.6.3.
Status
vulnerable
Previous vulnerability researches
Zita Elementor Site Library (CVE-2024-37420) , Jul 02, 2024
Zita Elementor Site Library (CVE-2024-3249) , Jun 26, 2024
Zita Elementor Site Library (CVE-2024-8921) , Oct 18, 2024
Zita Elementor Site Library (CVE-2026-25319) , Feb 27, 2026
New vulnerability
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-69001) , Feb 27, 2026
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2026-25313) , Feb 27, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2025-14983) , Feb 27, 2026
Shield Security – Smart Bot Blocking & Intrusion Prevention Security (CVE-2025-14427) , Feb 27, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2025-15520) , Feb 27, 2026