Kata Plus - Insecure deserialization
Summary
| Name | Kata Plus - Addons for Elementor - Widgets, Extensions and Templates 1.5. - Insecure deserialization |
| Code name | skims-15 |
| Product | Kata Plus - Addons for Elementor - Widgets, Extensions and Templates |
| Affected versions | Version 1.5. |
| State | Private |
| Release date | 2025-01-03 |
Vulnerability
| Kind | Insecure deserialization |
| Rule | Insecure deserialization |
| Remote | No |
| CVSSv4 Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U |
| Exploit available | No |
| CVE ID(s) | cve-2020-2020 |
Description
Kata Plus - Addons for Elementor - Widgets, Extensions and Templates 1.5. was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/includes/theme-options/plugins/cus tomizer-export-import/classes/class-cei- core.php.
Vulnerability
Skims by Fluid Attacks discovered a Insecure deserialization in Kata Plus - Addons for Elementor - Widgets, Extensions and Templates 1.5.. The following is the output of the tool:
Skims output
254 | $cei_error = $file['error'];
255 | return;
256 | }
257 | if ( ! file_exists( $file['file'] ) ) {
258 | $cei_error = __( 'Error importing settings! Please try again.', 'kata-plus' );
259 | return;
260 | }
261 |
262 | // Get the upload data.
263 | $raw = file_get_contents( $file['file'] );
> 264 | $data = @unserialize( $raw );
265 |
266 | // Remove the uploaded file.
267 | unlink( $file['file'] );
268 |
269 | // Data checks.
270 | if ( 'array' != gettype( $data ) ) {
271 | $cei_error = __( 'Error importing settings! Please check that you uploaded a customizer export file.', 'kata-plus' );
272 | return;
273 | }
274 | if ( ! isset( $data['template'] ) || ! isset( $data['mods'] ) ) {
^ Col 0
Our security policy
We have reserved the ID cve-2020-2020 to refer to this issue from now on.
System Information
- Version: Kata Plus - Addons for Elementor -
Widgets, Extensions and Templates 1.5.
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims
Timeline
2025-01-03
Vulnerability discovered.
2025-01-03
Vendor contacted.
