CVE-2023-5360

Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload

EPSS 81.7%

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

Affected products

Unknown · Royal Elementor Addons and Templates

public PoCs found — 11

githubgithub.com/phankz/Worpress-CVE-2023-5360★ 13 githubgithub.com/Chocapikk/CVE-2023-5360★ 10 githubgithub.com/Pushkarup/CVE-2023-5360★ 5 githubgithub.com/sagsooz/CVE-2023-5360★ 3 githubgithub.com/X3RX3SSec/CVE-2023-5360★ 2 githubgithub.com/nastar-id/CVE-2023-5360★ 0 githubgithub.com/LaviruDilshan/CVE-2023-5360-exploit-with-native-libraries★ 0 githubgithub.com/Jenderal92/WP-CVE-2023-5360★ 0 exploitdbwww.exploit-db.com/exploits/52127unverified cve_referencewpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34unverified cve_referencepacketstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34