CVE-2023-0443

Exploit

EPSS 0.13%
Veröffentlicht 30.05.2023 08:15:09
Zuletzt bearbeitet 10.01.2025 21:15:09
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

AnyWhere Elementor <= 1.2.7 - Sensitive Information Exposure

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

Mögliche Gegenmaßnahme

AnyWhere Elementor: Update to version 1.2.8, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt AnyWhere Elementor

Version * - 1.2.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpvibes ≫ Anywhere Elementor SwPlatformwordpress Version < 1.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.326

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/5782439f-a546-45f6-aec7-e600442d3c41

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0443

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0443

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0443

EUVD