9.8

CVE-2023-32243

Exploit

WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation

Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
Mögliche Gegenmaßnahme
Essential Addons for Elementor – Popular Elementor Templates & Widgets: Update to version 5.7.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WpdeveloperEssential Addons For Elementor SwPlatformwordpress Version >= 5.4.0 < 5.7.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Essential Addons for Elementor – Popular Elementor Templates & Widgets
Version *-5.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 75.95% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html
Third Party Advisory
Exploit
VDB Entry
https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve
Third Party Advisory
Exploit
https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/e988d042-147c-4782-b728-71f5a50cecd8
Third Party Advisory