CVE-2020-13125

MEDIUM EXPLOITED IN THE WILD NUCLEI

Ultimate Addons for Elementor <1.24.2 - Privilege Escalation

Title source: llm

Description

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.

Nuclei Templates (1)

Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass

HIGHby daffainfo

References (2)

[Not Applicable] https://wpvulndb.com/vulnerabilities/10214

[Third Party Advisory] https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/

Scores

CVSS v3 6.5

EPSS 0.1127

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

VulnCheck KEV 2020-05-17

InTheWild.io 2021-07-21

Status published

Products (1)

brainstormforce/ultimate_addons_for_elementor < 1.24.2

Published May 17, 2020

Tracked Since Feb 18, 2026