CVE-2023-5360

critical

Description

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.

References

Exploits
More

https://wpscan.com/blog/unauthenticated-file-upload-vulnerability-addressed-in-royal-elementor-addons-and-templates-1-3-79/?text=restrict

https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34

http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html

Details

Source: Mitre, NVD

Published: 2023-10-31

Updated: 2023-11-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H