CVE-2023-0443

Exploit

EPSS 0.62%
Veröffentlicht 30.05.2023 08:15:09
Zuletzt bearbeitet 10.01.2025 21:15:09
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure

AnyWhere Elementor <= 1.2.7 - Sensitive Information Exposure

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

Mögliche Gegenmaßnahme

Dynific Addons for Elementor (formerly AnyWhere Elementor): Update to version 1.2.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpvibes ≫ Anywhere Elementor SwPlatformwordpress Version < 1.2.8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Dynific Addons for Elementor (formerly AnyWhere Elementor)

Version *-1.2.7

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.62%	0.449

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/5782439f-a546-45f6-aec7-e600442d3c41

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0443

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0443

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0443

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-0443