CVE-2022-0320

CRITICAL

Essential Addons for Elementor <5.0.5 - Local File Inclusion

Title source: llm

Description

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://wpscan.com/vulnerability/0d02b222-e672-4ac0-a1d4-d34e1ecf4a95

Scores

CVSS v3 9.8

EPSS 0.0199

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

wpdeveloper/essential_addons_for_elementor < 5.0.5

Published Feb 01, 2022

Tracked Since Feb 18, 2026