CVE-2020-7055
CRITICALElementor Page Builder < 2.7.4 - Unrestricted File Upload
Title source: ruleDescription
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://pentest.co.uk/labs/advisory/cve-2020-7055/
Exploit, Third Party Advisory x_refsource_misc
https://pentest.co.uk/labs/vulnerability-disclosure-cve-2020-7055/
Scores
CVSS v3
9.9
EPSS
0.0207
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
elementor/elementor_page_builder
< 2.7.4
Published
Apr 22, 2020
Tracked Since
Feb 18, 2026