CVE-2024-6434

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.

Published: Jul 4, 2024
Updated: Jun 30, 2025
CVE: CVE-2024-6434
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-1333

Affected Software
References

Software	From	Fixed in
leap13 / premium_addons_for_elementor	-	4.10.36
Premium Addons for Elementor (Blog Post Listing, Mega Menu Builder, WooCommerce Products Grid, Carousel, Free Templates)	-	4.10.36

https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1676
https://plugins.trac.wordpress.org/changeset/3110991/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75
https://www.wordfence.com/threat-intel/vulnerabilities/id/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve

Vulnerability Database

289,697

CVE-2024-6434