Vulnerability Details : CVE-2022-1329
Public exploit exists!
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
Vulnerability category: Execute code
Products affected by CVE-2022-1329
- Elementor » Website Builder » For WordpressVersions from including (>=) 3.6.0 and up to, including, (<=) 3.6.2cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1329
96.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-1329
-
Wordpress Plugin Elementor Authenticated Upload Remote Code Execution
Disclosure Date: 2022-03-29First seen: 2022-12-23exploit/multi/http/wp_plugin_elementor_auth_upload_rceThe WordPress plugin Elementor versions 3.6.0 - 3.6.2, inclusive have a vulnerability that allows any authenticated user to upload and execute any PHP file. This is achieved by sending a request to install Elementor Pro from a user supplied zip file. Any user
CVSS scores for CVE-2022-1329
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Wordfence |
CWE ids for CVE-2022-1329
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: security@wordfence.com (Primary)
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by:
- nvd@nist.gov (Secondary)
- security@wordfence.com (Primary)
References for CVE-2022-1329
-
https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/
Critical Remote Code Execution Vulnerability in ElementorExploit;Third Party Advisory
-
https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/
Exploit;Third Party Advisory
-
http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.html
WordPress Elementor 3.6.2 Shell Upload ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php
Changeset 2708766 for elementor/trunk/core/app/modules/onboarding/module.php – WordPress Plugin RepositoryPatch;Release Notes;Vendor Advisory
Jump to