CVE-2023-0443

Exploit

EPSS 0.13%
Veröffentlicht 30.05.2023 08:15:09
Zuletzt bearbeitet 10.01.2025 21:15:09
Quelle contact@wpscan.com
Teams Watchlist Login
Unerledigt Login

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpvibes ≫ Anywhere Elementor SwPlatformwordpress Version < 1.2.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

https://wpscan.com/vulnerability/471f3226-8f90-43d1-b826-f11ef4bbd602

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-0443

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0443

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0443

EUVD