Vulnerability Details : CVE-2023-5360
Public exploit exists!
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.
Products affected by CVE-2023-5360
- cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5360
- 92.22%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-5360
- WordPress Royal Elementor Addons RCE
  - Disclosure Date: 2023-11-23
  - First seen: 2023-11-29
  - Module: exploit/multi/http/wp_royal_elementor_addons_rce
  - Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin (< 1.3.79).
  - Authors: Fioravante Souza, Valentin Lobstein
CVSS scores for CVE-2023-5360
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-5360
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by:
- contact@wpscan.com (Primary)
- nvd@nist.gov (Primary)
References for CVE-2023-5360
- http://packetstormsecurity.com/files/175992/WordPress-Royal-Elementor-Addons-And-Templates-Remote-Shell-Upload.html
  WordPress Royal Elementor Addons And Templates Remote Shell Upload ≈ Packet Storm
- https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34
  Exploit; Third Party Advisory