Primary

Context

ElementInvader Addons for Elementor Local File Inclusion Vulnerability

Vulnerability

Patched

A path traversal vulnerability allowing PHP local file inclusion has been identified in the ElementInvader Addons for Elementor plugin, affecting versions through 1.2.6. This vulnerability could enable a malicious actor to include local files from the target website and display their contents, potentially leading to a complete database takeover if sensitive files containing database credentials are accessed.

Impact

Exploitation of this vulnerability could allow for local file inclusion, enabling the inclusion of sensitive files from the server, such as those containing database credentials, which could lead to a complete takeover of the database, depending on the configuration.

Remediation

Users of the ElementInvader Addons for Elementor plugin should update to version 1.2.7 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.6

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.6

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ElementInvader Addons for Elementor Local File Inclusion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ElementInvader Addons for Elementor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating