CVE-2024-1567
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.
We have discovered 8,337 live websites that are affected by CVE-2024-1567.
Affected Software
| Product |  Royal Elementor Addons |
| Category | Wordpress Plugins |
| Vulnerable Domains | 8,337 live websites (16.10% of Royal Elementor Addons install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 80 versions ( 66.67% of all versions) |
Details
- Published - May 2, 2024
- Updated - Aug 1, 2024
Credits
- wesley (finder)
CVE References
CVE-2024-1567 usage by Country
 United States | 2,135 websites |
 Germany | 1,193 websites |
 France | 709 websites |
 Cyprus | 453 websites |
 Brazil | 435 websites |
 Russia | 334 websites |
 Italy | 247 websites |
 GB | 238 websites |
 Poland | 208 websites |
 Spain | 196 websites |
CVE-2024-1567 usage by TLD
| .com | 3,195 websites |
| .com.br | 665 websites |
| .de | 386 websites |
| .org | 311 websites |
| .fr | 294 websites |
| .ru | 285 websites |
| .it | 218 websites |
| .pl | 168 websites |
| .net | 152 websites |
| .co.uk | 119 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1567
Top websites that are affected by CVE-2024-1567. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ***********.net | United States | **,*** | |
| *****.clinic |  Israel | **,*** | |
| ************.com | United States | ***,*** | |
| ******.org | GB | ***,*** | |
| ******.me | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ******.com | United States | ***,*** |
FAQ
A total of 8,337 websites have been identified as vulnerable to CVE-2024-1567, discovered through global website indexing conducted by WebTechSurvey.
Royal Elementor Addons is susceptible to CVE-2024-1567 vulnerability.
Royal Elementor Addons versions before, and including, 1.3.94 are vulnerable to CVE-2024-1567.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=cve
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.89/classes/modules/forms/wpr-file-upload.php#L105
- https://plugins.trac.wordpress.org/browser/royal-elementor-addons/tags/1.3.90/classes/modules/forms/wpr-file-upload.php
- https://plugins.trac.wordpress.org/changeset/3056612/royal-elementor-addons/tags/1.3.95/classes/modules/forms/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php