← voltar
CVE-2023-32243

WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation

CVSS 9.8 CRITICALEPSS 75.9%CWE-287
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
WPDeveloper · Essential Addons for Elementor
PoCs públicas encontradas11
githubgithub.com/RandomRobbieBF/CVE-2023-3224384githubgithub.com/Jenderal92/WP-CVE-2023-322434githubgithub.com/gbrsh/CVE-2023-322433githubgithub.com/thatonesecguy/Wordpress-Vulnerability-Identification-Scripts2githubgithub.com/little44n1o/cve-2023-322431githubgithub.com/dev0558/CVE-2023-32243-Detection-and-Mitigation-in-WordPress0githubgithub.com/manavvedawala2/CVE-2023-32243-POC0githubgithub.com/manavvedawala2/CVE-2023-32243-proof-of-concept0githubgithub.com/YouGina/CVE-2023-322430githubgithub.com/manavvedawala/CVE-2023-32243-proof-of-concept0cve_referencepacketstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.htmlhttps://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cvehttps://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve