Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-5360

🗓️ 31 Oct 2023 13:54:42Reported by WPScanType 
cve
 cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 283 Views🌐 WEB

The Royal Elementor Addons WordPress plugin before 1.3.79 allows unauthenticated users to upload arbitrary files

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
14 Jul 202518:09
githubexploit
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
27 Dec 202513:27
githubexploit
GithubExploit		Mephisto
21 May 202605:06
githubexploit
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
5 Nov 202318:02
githubexploit
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
2 Nov 202303:15
githubexploit
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
3 Nov 202300:58
githubexploit
GithubExploit		Exploit for CVE-2023-4666
14 Oct 202314:04
githubexploit
0day.today		WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability
16 Oct 202300:00
zdt
0day.today		WordPress Royal Elementor Addons Remote Code Execution Exploit
28 Nov 202300:00
zdt
ATTACKERKB		CVE-2023-5360
31 Oct 202300:00
attackerkb
Rows per page
NVD
Vulners
Node
royal-elementor-addonsroyal_elementor_addonsRange<1.3.79wordpress
[
  {
    "vendor": "Unknown",
    "product": "Royal Elementor Addons and Templates",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.3.79"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
wpr_addons_noncerequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434
max_file_sizerequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434
allowed_file_typesrequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434
actionrequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434
triggering_eventrequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434
uploaded_filerequest bodywp-admin/admin-ajax.phpUnauthenticated upload of arbitrary files via admin-ajax.php in Royal Elementor Addons (RCE via PHP upload).CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 08:41Current
9.6High risk
Vulners AI Score9.6
CVSS 3.19.8
EPSS0.93478
CWE-434In Wild
cve-2023-5360royal elementorwordpress pluginfile upload vulnerabilityrcenvd
283