CVE-2024-56275: WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability

Q: What is the severity of CVE-2024-56275?

CVE-2024-56275 is classified as a Server-Side Request Forgery (SSRF) vulnerability.

Q: Which versions of Envato Elements are affected by CVE-2024-56275?

CVE-2024-56275 affects Envato Elements from n/a up to version 2.0.14.

Q: How do I fix CVE-2024-56275?

To mitigate CVE-2024-56275, you should update Envato Elements or the Envato Elements plugin for WordPress to the latest version available.

Q: What type of attack does CVE-2024-56275 enable?

CVE-2024-56275 enables attackers to perform Server-Side Request Forgery (SSRF) attacks.

Q: Is CVE-2024-56275 a critical vulnerability?

The criticality of CVE-2024-56275 depends on the specific context and potential impact in the affected environment.

Published Jan 7, 2025

Updated

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.

Other sources

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements envato-elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through <= 2.0.14.

— MITRE

Affected Software

1 affected component

Envato Envato Elements<=2.0.14

Remediation

Information

Update the WordPress Envato Elements plugin to the latest available version (at least 2.0.15).

Event History

Jan 7, 2025

CVE Published

via MITRE·10:49 AM

Data Sourced

via MITRE·10:49 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·11:15 AM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2024-56275?

CVE-2024-56275 is classified as a Server-Side Request Forgery (SSRF) vulnerability.

Which versions of Envato Elements are affected by CVE-2024-56275?

CVE-2024-56275 affects Envato Elements from n/a up to version 2.0.14.

How do I fix CVE-2024-56275?