← back
CVE-2023-0443

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

CVSS 5.3 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.6%KEV nãoPoC Patch
Lifecycle
30 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Unknown · AnyWhere Elementor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602