Description
WordPress Plugin Cryptocurrency Widgets For Elementor is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Cryptocurrency Widgets For Elementor version 1.2.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/cryptocurrency-widgets-for-elementor/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WPshop-eCommerce Arbitrary File Upload (1.3.9.5)
MongoDb Improper Neutralization of Null Byte or NUL Character Vulnerability (CVE-2024-10921)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3757)
WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.4.9)