9.8
CVE-2023-5360
- EPSS 81.7%
- Veröffentlicht 31.10.2023 14:15:12
- Zuletzt bearbeitet 21.11.2024 08:41:36
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginRoyal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload
Royal Elementor Addons and Templates <= 1.3.78 - Unauthenticated Arbitrary File Upload
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
Mögliche Gegenmaßnahme
Royal Addons for Elementor – Addons and Templates Kit for Elementor: Update to version 1.3.79, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Royal-elementor-addons ≫ Royal Elementor Addons SwPlatformwordpress Version < 1.3.79
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Royal Addons for Elementor – Addons and Templates Kit for Elementor
Version
*-1.3.78
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 81.7% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html
https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9d95af5-96da-4259-98c6-e2c4c574a896