CVE-2023-0443

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

CVSS 5.3 MEDIUMEPSS 0.6%

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 may 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Unknown · AnyWhere Elementor

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602